Personal Information Processing Policy
Crosseast Consulting Pte.Ltd (hereinafter referred to as the “Company”) values customers' personal information and always makes every effort to protect customer's personal information. Accordingly, in accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses the following personal information processing policy in order to protect the personal information of customers and to deal with related grievances quickly and smoothly.
Article 1 (Purpose of personal information processing) The company processes personal information for the following purposes. The personal information being processed is not used for purposes other than the following purposes, and if the purpose of use is changed, we will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
Category Purpose of use
Homepage member registration and management-Confirmation of membership intention
-Identification and authentication according to the provision of membership service
-Membership maintenance and management
-Prevention of illegal use of service
-Confirmation of consent of legal representative when processing personal information of children under 14 years of age
-Various notices and notices, grievance handling, etc.
Provision of goods or services, refund for withdrawal of subscription-Delivery of goods
-Send contracts and invoices
-Provide customized service
-Identity verification and age verification
-Payment and settlement
-Subscription withdrawal/refund, etc.
Grievance handling-identification of the complainant
-Confirmation of civil complaints
-Contact and notification for fact-finding
-Notification of processing results, etc.
Article 2 (Processing and retention period of personal information) ① The company processes and retains personal information within the period of retention and use of personal information agreed upon when collecting personal information from the data subject or the period of personal information retention and use in accordance with laws and regulations. Do it.
② Each personal information processing and retention period is as follows.
1. Homepage membership registration and management: Until withdrawal from the company homepage. However, in the following cases, until the end of the reason.
1. If an investigation or investigation in violation of related laws is in progress, until the end of the investigation or investigation
2. In the event that the bond-debt relationship remains due to the use of the website, until the settlement of the bond-debt relationship
2. Refund due to provision of goods or services or withdrawal of subscription: Until the completion of supply of goods and services and completion of payment and settlement. However, in the case of any of the following reasons, until the end of the period
1. Records of transactions, such as display and advertisement, contract details and performance in accordance with the Act on Consumer Protection in Electronic Commerce, etc.
a) Records on labeling and advertisement: 6 months
b) Records of contract or subscription withdrawal, payment, and supply of goods: 5 years
c) Records on consumer complaints or dispute settlement: 3 years
2. Storage of communication fact confirmation data pursuant to Article 41 of the Communication Secret Protection Act
a) Subscriber telecommunication date and time, start/end time, subscriber number, frequency of use, and location tracking data of the sending base station: 1 year
b) Computer communication, Internet log record data, access point tracking data: 3 months
3. Storage of identification information pursuant to Article 29 of the Enforcement Decree of the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.: 6 months after information posting on the bulletin board is finished
Article 3 (Provision of personal information to a third party) ① The company processes the personal information of the information subject only within the range specified in Article 1, consent of the information subject, special provisions of the law, etc. Article 17 and Articles of the Personal Information Protection Act Personal information is provided to third parties only in cases falling under Article 18.
② The company provides personal information to third parties as follows.
Recipient of personal information Purpose of using personal information of the recipient Personal information items to be provided Retention and use period of the recipient
Seller Handling of tasks necessary for the implementation of e-commerce contracts, such as delivery of ordered products, returns and refunds, customer consultation and complaint handling, etc.Name, phone number, mobile phone number, shipping address, email address, customs clearance number, goods or services Destruction after achieving the purpose of refund following the provision of or withdrawal of subscription (however, it is kept for a statutory period in accordance with the provisions set forth in related laws)
Article 4 (Consignment of personal information processing) ① The company entrusts personal information processing tasks as follows for smooth personal information processing.
Consignee consignment work and purpose retention and use period
Until membership withdrawal and consignment contract expiration of CJ Logistics products
All payments through CGI INICIS credit card, mobile phone, account transfer, etc. Until membership withdrawal and consignment contract expiration
All payments through EximBay credit card, mobile phone, account transfer, etc.
Until membership withdrawal and consignment contract expiration
② When signing a consignment contract, the Company shall provide a contract with matters related to liability such as prohibition of processing of personal information other than the purpose of performing consignment work, technical and administrative protection measures, restrictions on reconsignment, management and supervision of the consignee, compensation for damages, etc. in accordance with Article 25 of the Personal Information Protection Act. Etc., and oversees whether the trustee handles personal information safely. The company provides personal information to third parties as follows.
③ If the contents of the consignment business or the consignee change, we will disclose it through this personal information processing policy without delay.
Article 5 (Rights and obligations of the information subject and legal representative) ① The information subject may exercise the rights to the company at any time, such as requesting access to, correction, deletion, and suspension of processing of personal information.
② Exercising rights pursuant to Paragraph 1 may be made to the Company through written, e-mail, fax, etc. in accordance with Article 41 Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay. The company processes the personal information of the information subject only within the range specified in Article 1, and only if it falls under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the information subject and special provisions of the law, to a third party. provide.
③ The exercise of rights pursuant to Paragraph 1 can be done through the legal representative of the information subject or through an agent such as a person who has been delegated. In this case, you must submit a power of attorney in accordance with the form of Attachment 11 of the Enforcement Regulations of the Personal Information Protection Act.
④ The rights of the information subject may be restricted in accordance with Article 35 (5) and Article 37 (2) of the Personal Information Protection Act for requests to view and stop processing personal information.
⑤ Request for correction and deletion of personal information cannot be requested if the personal information is specified as the object of collection in other laws.
⑥ The company verifies whether the person who made the request for access according to the rights of the information subject, request for correction or deletion, or request for access to suspension of processing is the person or a legitimate agent.
Article 6 (Personal information items to be processed) ① The company processes the following personal information items.
Type Collection and Use Items Collection and Purpose of Use
Mandatory Facebook ID, Google ID, Amazon ID, email address and password Homepage membership and management
Name, recipient's contact information, shipping address, customs clearance number, account holder name, account number, card holder name, billing and payment records Provide goods or services, refund for withdrawal of subscription
② The following personal information items may be automatically generated and collected in the process of using the company's services in order to provide customized services and shopping cart functions to customers.
-IP address, cookie, MAC address, service use record, visit record, suspension and termination record, etc.
Article 7 (Destruction of personal information) ① The company destroys the personal information without delay when personal information becomes unnecessary, such as the elapse of the personal information retention period or achievement of the processing purpose.
② If the personal information retention period agreed by the information subject has elapsed or the purpose of processing has been achieved, if personal information must be kept in accordance with other laws and regulations, the personal information may be transferred to a separate database (DB) or the storage location Preserved otherwise.
③ The procedures and methods of personal information destruction are as follows.
1. Destruction procedure: The company selects the personal information for which the reason for destruction occurred, and destroys the personal information with the approval of the company's personal information protection manager.
2. Destruction method: The company destroys personal information recorded and stored in the form of electronic files so that the records cannot be reproduced, and personal information recorded and stored in paper documents is destroyed by shredding or incineration.
Article 8 (Measures to ensure the safety of personal information) The company takes the following measures to ensure the safety of personal information.
1. Administrative measures: The company destroys the personal information without delay when personal information becomes unnecessary, such as the elapse of the personal information retention period or achievement of the processing purpose.
2. Technical measures: management of access rights such as personal information processing system, installation of access control system, encryption of unique identification information, installation of security programs
3. Physical measures: Access control of computer room, data storage room, etc.
② Cookies are a small amount of information sent to the user's computer browser by the server (http) used to operate the website, and may be stored on the hard disk in the user's PC computer.
③ Cookies are used to provide optimized information to users after identifying the types of visits and usage, popular search terms, and secure access to each service and website visited by users.
④ You can refuse to store cookies by setting options in the Tools> Internet Options> Personal Information menu at the top of the web browser.
⑤ If you refuse to save cookies, you may experience difficulties in using customized services.
Article 10 (Person in charge of personal information protection) ① The company is responsible for the handling of personal information, and has a personal information protection manager as follows for handling complaints and remedy for damages related to personal information processing. Are specified.
1. Personal Information Protection Officer
Position: Web Development Team Leader
② The information subject can inquire to the person in charge of personal information protection and the department in charge of all personal information protection related inquiries, complaint handling, damage relief, etc. that occurred while using the company's service (or business). The company will respond and handle inquiries from the information subject without delay.
Article 11 (Remedy for infringement of rights and interests) The information subject may provide relief and counseling for personal information infringement to the following organizations. However, the following institutions are separate from the company, and if you are not satisfied with the company's own personal information complaint handling and damage relief results, or if you need more detailed help, please contact the contact number listed in Article 10.
1. Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
-Responsibility: Report of personal information infringement, request for consultation
-Phone: (without area code) 118
-Address: (58324) Personal Information Infringement Reporting Center on the 3rd floor, 9 Jinheung-gil, Naju-si, Jeollanam-do (301-2 Bitgaram-dong)
2. Personal Information Dispute Mediation Committee
-Jurisdiction: Personal information dispute mediation application, collective dispute mediation (civil settlement)
-Phone: (without area code) 1833-6972
-Address: (03171) 4th floor of Seoul Government Complex, 209 Sejong-daero, Jongno-gu, Seoul
3. Supreme Prosecutors' Office Cyber Crime Investigation Division: 02-3480-3573 (www.spo.go.kr)
4. National Police Agency Cyber Bureau: 182 (http://cyberbureau.police.go.kr)
Article 12 (Enforcement and Change of Personal Information Processing Policy) This personal information processing policy is applied from the effective date. In the event of a material change to the customer's personal information rights, it will be notified through the company's website at least 30 days in advance.