WONTECH Mall (hereinafter referred to as the “Company”) establishes and discloses this Privacy Policy in accordance with Article 30 of the Personal Information Protection Act to protect the personal information of data subjects and to promptly and effectively address related grievances.
Article 1 (Purpose of Processing Personal Information)
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than those stated below. If the purpose of use changes, the Company will take necessary measures in accordance with Article 18 of the Personal Information Protection Act, including obtaining separate consent where required.
1. Website Membership Registration and Management
Personal information is processed for the purposes of confirming intent to register, verifying and authenticating identity for membership-based services, maintaining and managing membership status, verifying identity under limited identity verification systems, preventing fraudulent use of services, confirming legal guardian consent for children under the age of 14, issuing notices and communications, and handling complaints.
2. Provision of Goods or Services
Personal information is processed for product delivery, service provision, issuance of contracts and invoices, content delivery, customized services, identity and age verification, payment processing and settlement, and debt collection.
3. Handling of Complaints
Personal information is processed to verify the identity of complainants, confirm complaint details, conduct fact-finding investigations, communicate and notify regarding investigations, and inform individuals of the results.
Article 2 (Retention and Processing Period of Personal Information)
The Company processes and retains personal information within the period prescribed by applicable laws or within the retention period consented to by the data subject at the time of collection.
The respective retention and processing periods are as follows:
1. Website Membership Registration and Management
Until withdrawal from the Company’s website (for business entities/organizations).
However, in the following cases, until the relevant matter is resolved:
If investigations or inquiries are ongoing due to violations of applicable laws, until such investigations are concluded.
If outstanding claims or liabilities exist in connection with website use, until such claims and liabilities are settled.
2. Provision of Goods or Services
Until the completion of the supply of goods/services and payment/settlement.
However, where required under applicable laws:
Under the Act on the Consumer Protection in Electronic Commerce, etc.:
Records on labeling and advertising: 6 months
Records on contracts or withdrawal of subscription, payment, and supply of goods: 5 years
Records on consumer complaints or dispute resolution: 3 years
Under Article 41 of the Protection of Communications Secrets Act:
Subscriber telecommunications date and time, start/end time, counterpart subscriber number, usage frequency, base station location tracking data: 1 year
Computer communication or internet log records and access tracking data: 3 months
Article 3 (Rights of Data Subjects and Legal Representatives and Methods of Exercise)
Data subjects may exercise the following rights related to personal information protection at any time:
Request access to personal information
Request correction in case of errors
Request deletion
Request suspension of processing
Such rights may be exercised in writing, by telephone, email, fax, or other means, and the Company will take prompt action.
If a data subject requests correction or deletion of personal information due to errors, the Company will not use or provide such information until the correction or deletion is completed.
Rights may be exercised through a legal representative or an authorized agent. In such cases, a power of attorney in accordance with the Enforcement Rules of the Personal Information Protection Act must be submitted.
Data subjects must not infringe upon their own or others’ personal information or privacy in violation of applicable laws.
Article 4 (Items of Personal Information Processed)
The Company processes the following categories of personal information:
1. Website Membership Registration and Management
Required items: Hospital name, ID, password, address, telephone number, email address
2. Provision of Goods or Services
Required items: Hospital name, ID, password, address, telephone number, email address
3. Information Automatically Collected During Internet Service Use
IP address, cookies, MAC address, service usage records, visit records, improper usage records, etc.
Article 5 (Destruction of Personal Information)
The Company destroys personal information without delay when it becomes unnecessary, such as upon expiration of the retention period or achievement of the processing purpose.
If personal information must be retained in accordance with other laws despite the expiration of the agreed retention period or achievement of the purpose, such information will be stored separately in a different database or location.
Procedures and methods of destruction are as follows:
Destruction Procedure:
The Company selects personal information subject to destruction and destroys it upon approval from the Chief Privacy Officer.
Destruction Method:
Electronic files are destroyed using technical methods (e.g., low-level formatting) to prevent recovery. Paper documents are shredded or incinerated.
Article 6 (Measures to Ensure the Security of Personal Information)
The Company implements the following measures to ensure the security of personal information:
Administrative Measures: Establishment and implementation of internal management plans; regular employee training
Technical Measures: Access control management for personal information processing systems; installation of access control systems; encryption of unique identification information; installation of security programs
Physical Measures: Access control to computer rooms and data storage facilities
Article 7 (Installation, Operation, and Refusal of Automatic Data Collection Devices)
The Company uses cookies to provide customized services by storing and retrieving user information as needed.
Cookies are small amounts of information sent by the website server (HTTP) to the user’s browser and may be stored on the user’s computer hard drive.
Purpose of Cookies: To analyze user visit patterns, service usage, popular search terms, and secure access status in order to provide optimized services.
Cookie Settings and Refusal: Users may refuse cookie storage through browser settings (Tools > Internet Options > Privacy).
Impact of Refusal: Refusing cookies may limit access to certain customized services.
Article 8 (Remedies for Infringement of Rights)
Data subjects may contact the following institutions for damage relief or consultation regarding personal information infringement:
Personal Information Infringement Report Center (operated by KISA)
Website: privacy.kisa.or.kr
Tel: 118 (without area code)
Personal Information Dispute Mediation Committee
Website: www.kopico.go.kr
Tel: 1833-6972
Supreme Prosecutors’ Office Cyber Crime Investigation Division
Website: www.spo.go.kr
Tel: +82-2-3480-3573
National Police Agency Cyber Bureau
Website: cyberbureau.police.go.kr
Tel: 182
Article 9 (Effective Date and Amendments)
This Privacy Policy is effective as of November 9, 2020.