Wormhole (hereinafter referred to as “wormhole”), operated by C2Monster Co., Ltd. (hereinafter referred to as “the Company”), has the following handling policy in place in order to protect users’ personal information and rights and interests in accordance with the Personal Information Protection Act and to handle users’ grievances related to personal information smoothly.
If the company revises the personal information processing policy, it will give notice through a service notice (or individual notice).
○ This policy is effective from January 1, 2017.
1. Purpose of processing personal information
Wormhole processes personal information for the following purposes. The processed personal information will not be used for any purpose other than the following, and prior consent will be sought when the purpose of use is changed.
i. Service membership registration and management
Personal information is processed for the purpose of maintaining and managing membership, sending various notices and notifications, and preserving records for dispute resolution.
ii. Handling of civil complaints
Personal information is processed for the purpose of verifying the identity of the complainant, confirming the complaint, contacting and notifying for fact-finding, and notifying the processing result.
iii. Provision of goods or services
Personal information is processed for the purpose of providing services, etc.
2. Rights and obligations of data subjects and how to exercise them
Users can exercise the following rights as a subject of personal information.
① The information subject can exercise the following personal information protection rights at any time with respect to the wormhole.
Request to view personal information
Request for correction in case of errors, etc.
Request to stop processing
② The rights under Paragraph 1 may be exercised against Wormhole in writing, by e-mail, fax, etc. in accordance with Form 8 of the Enforcement Rule of the Personal Information Protection Act, and the company will take action without delay.
③ If the information subject requests correction or deletion of personal information, the company will not use or provide the personal information until the correction or deletion is completed.
④ The exercise of rights pursuant to Paragraph 1 can be done through an agent such as a legal representative of the information subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with Form 11 of the Enforcement Rule of the Personal Information Protection Act.
3. Items of personal information to be processed
① The company handles the following personal information items for service membership registration and management.
Required items: email, login password, gender, date of birth, name, educational background
4. Destruction of personal information
In principle, the company destroys the personal information without delay when the purpose of processing personal information is achieved. The procedures, deadlines and methods of destruction are as follows.
Destruction procedure: The information entered by the user is transferred to a separate DB after the purpose is achieved (a separate document in the case of paper) and is destroyed either immediately or after being stored for a certain period according to internal policies and other related laws. The personal information transferred to the DB will not be used for any other purpose unless required by law.
Destruction period: If the retention period of a user's personal information has elapsed, the personal information is destroyed within 5 days from the end of the retention period. When the personal information becomes unnecessary, such as when the purpose of processing is achieved, the service is abolished, or the business is terminated, it is destroyed within 5 days from the date it is deemed unnecessary.
Destruction method: Information in the form of electronic files is destroyed using a technical method that makes the record impossible to reproduce. Personal information printed on paper is shredded with a shredder or destroyed through incineration.
5. Measures to ensure the safety of personal information
In accordance with Article 29 of the Personal Information Protection Act, the company is taking the following technical/administrative and physical measures necessary to secure safety.
Regular self-audit: We conduct regular (quarterly) self-audit to secure the stability of personal information handling.
Minimization and training of personnel handling personal information: We are implementing measures to manage personal information by designating and limiting personnel handling personal information to the person in charge.
Establishment and implementation of internal management plan: We establish and implement an internal management plan for safe handling of personal information.
Technical measures against hacking: In order to prevent leakage and damage of personal information due to hacking or computer viruses, the company installs security programs, periodically updates and checks them, installs systems in areas where access from outside is controlled, and applies technical/physical monitoring and blocking.
Restriction on access to personal information: We take the necessary measures to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and we use an intrusion prevention system to control unauthorized access from outside.
Use of locks for document security: Documents containing personal information and auxiliary storage media are stored in a secure place with a lock.
Access control for unauthorized persons: We establish and operate access control procedures in a separate physical storage location where personal information is stored.
6. Privacy Officer
① The company is responsible for overall handling of personal information, and has designated a person in charge of personal information protection as follows to handle complaints and damage relief from information subjects related to personal information processing.
▶ Personal Information Protection Officer
Name: Kim Sang-in
Position: Head of Development
▶ Department in charge of personal information protection
Department Name: Management Support
Person in charge: Lee Kyung-jin
② The information subject may direct all inquiries related to personal information protection, complaint handling, damage relief, etc. that arise while using Wormhole to the person in charge of personal information protection and the department in charge. The company will respond to and handle inquiries from information subjects promptly.
If you need to report or consult on other personal information infringement, you can contact the following organizations.
Privacy Infringement Report Center (privacy.kisa.or.kr / 118 without area code)
Cyber Investigation Division, Supreme Prosecutors' Office (www.spo.go.kr / 1301 without area code)
National Police Agency Cyber Security Bureau (cyberbureau.police.go.kr / 182 without area code)
① This personal information processing policy is effective from the effective date, and if there are additions, deletions, or corrections according to laws and regulations, they will be announced through a notice 7 days prior to the implementation of the changes.