<Hire Diversity Inc.> ("https://app.hirevisa.com", hereafter referred to as "Hirevisa"), according to Article 30 of the Personal Information Protection Act, in order to protect personal information and deal with inquiries regarding personal information, establishes and discloses the personal information policy as below.
○ This policy is applied from Jan 1, 2023.
Article 1 (the purpose of personal information processing)
<Hire Diversity Inc.> ("https://app.hirevisa.com", hereafter referred to as "Hirevisa") processes personal information for the following purposes. Personal information is not used for any other purpose besides the following, and if the purpose changes, according to Article 18 of the Personal Information Protection Act, necessary measures will be implemented, such as obtaining separate consent.
1.
To register and manage website members
Confirmation of intention to sign up for membership, Identification, and certification of the person in accordance with the provision of membership services, Maintenance, and management of membership, Prevention of unauthorized use of services, Check the consent of the legal representative when processing personal information of children under the age of 14, To notify and announce
2.
To handle affairs regarding petitions
Purpose of identification of a petitioner, confirmation of petitions, contact for fact-finding, and notifying of the results of processing
3.
Provision of goods or services
Purpose of delivering goods, providing services, sending contracts and claims, self-certification, age certification, payment and settlement of charges, and collecting bonds
4.
Use for marketing and advertising
Purpose of developing new services (products) and providing customized services, providing event and advertising information and opportunities to participate, service provision and advertising according to demographic characteristics, checking the validity of services and identifying the frequency of access or statistics on members' use of services, etc.
Article 2 (Processing and retention period of personal information)
① The company processes and retains personal information within the period of personal information retention and use under laws and regulations or within the period of personal information retention and use agreed upon when collecting personal information from the information subject.
② The processing and retention period of each personal information is as follows.
Personal information related to service use is retained and used for the above purpose of use from the date of consent for collection and use.
Grounds for Retention: Use of Foreign Registration Service
Related Acts :
1) Records of payment and supply of goods, etc.: 5 years
2) Records of withdrawal of contracts or subscriptions, etc.: 5 years
Article 3 (items of personal information processed)
① The company is processing the following personal information items.
< Register and manage website membership >
Required items: Email, mobile phone number, home address, home phone number, password question and answer, password, login ID, gender, date of birth, name, job, educational background, credit card information, bank account information, service usage history, access log, cookies, access IP information, payment history
Article 4 (Matters concerning the provision of personal information to third parties)
① The company shall process personal information only within the scope specified in Article 1 (Purpose of Processing Personal Information), and only if it is under Articles 17 and 18 of the Personal Information Protection Act, such as the consent of the data subject and special provisions of the Act, etc. provide personal information to third parties.
② The company provides personal information to third parties as follows.
Person to whom personal information is provided: Hirediversity Administrative Office, Hotel Shilla Co., Ltd.
Purpose of use of personal information by the recipient: Service use management
Personal information items provided: email, mobile phone number, home address, home phone number, gender, date of birth, name, educational background, credit card information, bank account information, service history, access log, cookies, access IP information, payment history
Period of retention and use of the recipient: 3 years
Article 5 (Procedure and method of destruction of personal information)
① The company destroys personal information without delay when personal information becomes unnecessary, such as the lapse of the personal information retention period or the achievement of the purpose of processing.
② Despite the lapse of the personal information retention period agreed to by the data subject or the purpose of processing has been achieved, if personal information must be preserved continuously in accordance with other laws and regulations, the personal information should be moved to a separate database (DB) or stored in a different location.
③ The procedures and methods for destroying personal information are as follows.
1.
Destruction procedure
The company selects personal information in which the reason for destruction occurs and destroys personal information with the approval of the company's personal information protection manager.
2.
Destruction method
Information in electronic file formats uses a technical method that does not allow records to be played back..
The personal information printed on the paper is destroyed by pulverizing it with a grinder
Article 6 (Measures concerning the destruction, etc. of personal information of non-users)
① The company switches users who have not used the service for one year to a dormant account and stores personal information separately. Personal information stored separately shall be stored for one year and destroyed without delay.
② The company notifies a member scheduled to be dormant, of the fact that the data will be stored separately, the scheduled date, and the personal information items that are stored separately, at least 30 days before the transition to a dormant member, by e-mail, text message, etc.
③ If you don't want to switch to a dormant account, you can log in to the service before being switched to a dormant account. In addition, even if you have switched to a dormant account, if you log in, you can restore the dormant account with the consent of the user to use the normal service.
Article 7(정보주체와 법정대리인의 권리·의무 및 그 행사방법에 관한 사항)
① Customers can access, modify, delete their personal information registered at the Website, or withdrawal of their consent to collection provided before at any time.
② Customers may access, modify, delete, or request withdrawal of their consent to collection by sending documents, e-mails or FAXs, according to the Article 41 paragraph 1 of the Personal Information Protection Act. Then, the Company shall take relevant measures without any delay.
③ Customers can requests access·modification·deletion through the agent like a ligal representative or a commisioned person. Customers need to submit the warrant to exercise their rights through the agent.
④ The customers rights to access or request withdrawal the consent to collection may be restricted according to the Article 35 paragraph 4 and Article 47 paragraph 2 of the Personal Information Protection Act.
⑤ The modification or the erasure is not permitted where the said personal information shall be collected by other statutes.
⑥ The Company will verify if the person is the customer themselves or the legimate representative, who requested access, modify, delete one’s personal information, or request withdrawal of one’s consent to collection.
Article 8 (Measures for Ensuring the Security of Personal Information)
The Company shall take technological/administrative/physical measures required for ensuring the security of personal information in accordance with Article 29 of the Personal Information Protection Act.
1.
Conducting regular self-audits
•
In order to secure the stability related to personal information handling, we conduct self-audits on a regular basis (once a quarter).
2.
Minimize and educate employees handling personal information
•
We are implementing measures to manage personal information by designating employees who handle personal information and minimizing it only to the person in charge.
3.
Establishment and implementation of internal management plan
•
An internal management plan is established and implemented for the safe processing of personal information.
4.
Technological measures against hacking
•
The Company shall install, regularly update, and check security porgrams to ensure that personal information is not leaked and damaged due to hacking or computer viruses. It shall also install systems in areas to which access from the outside is controlled, as well as technologically/physically inspect and block such areas.
5.
Encryption of personal information
•
Users’ personal information, including passwords, is stored and managed and is only known to the users who own that information. Important data is secured with separate features, such as the encryption and locking of files and transmitted data.
6.
Storage of access records and prevention of forgery
•
Records accessed to the personal information processing system are kept and managed for at least one year. If personal information is added, or unique identification information, or sensitive information is processed for at least two years. We also use security features to prevent forgery, theft, and loss of access records.
7.
Restricting access to personal information
•
We take necessary measures to control access to personal information by granting, changing, or canceling access to the database system that processes personal information, and using the intrusion prevention system to control unauthorized access from outside.
8.
Using Locks for Document Security
•
Documents containing personal information and auxiliary storage media are stored in a safe place with a lock.
9.
Access control for unauthorized persons
•
We set up and operate access control procedures for the physical storage place where personal information is stored separately.
Article 9(Collection of Personal Information via Cookies)
① The Website may install and operate cookies that store and frequently retrieve customers’ information.
② A cookie means a small amount of text files that a website sends to users’ computer browsers (Internet Explorer, and others).
a.
Purposes of using cookies: Analyzing the access frequency or staying time of users or popular search terms, identifying if the user uses the security access, etc.
b.
Operation of cookies and rejection of cookies: Customers can reject cookies directly change settings by clicking Tools > Internet Options > Personal Information tab on the upper menu of a web browser.
c.
If customers refuse to store cookies, they may not use some services that require them.
Article 10(Collection, use, provision and rejection of behavioral information)
① The Company collects and uses the behavioral information to provide customized services and benefits optimized for customers, and online customized advertisements in the process of using the service.
② The Company has the following purposes for collecting and using customers’ personal information:
•
List of behavioral informations to collect: User's website/app service visit history, search history, purchase history
•
Behavioral information collection method: Automatic collection when users visit/launch web site apps
•
Purpose of using behavioral information: Providing personalized product recommendation services (including advertisements) based on users' interests and tendencies
•
Retention/use period and information processing method afterwards: Destroy 1 year after collection date
Article 11(Criteria for determining additional use and provision)
According to the Article 15 paragraph 3 and Article 17 paragraph 4 of the Personal Information Protection Act, the Company can use and provides the additional personal information of customers under the Enforcement Decree of the Personal Information Protection Act without consent.
Therefore, the Company considered following matters in order to provide additional use and provision without the consent of consumers:
Whether the purpose of additional use and provision of personal information is related to the original purpose of collection Whether there is any predictability of additional use or provision in the context of the personal data collection circumstances or processing practices Whether the additional use and provision of personal information unfairly infringes on the interests of customers. Whether measures necessary for securing safety, such as pseudonym processing or encryption, have been taken.※ The criteria for determining the considerations for additional use and provision shall be prepared and disclosed autonomously by the business operator/organization.
Article 12(Chief Privacy Officer)
① The Company appoints the following chief privacy officer who is responsible for the handling of personal information and the handling of customers’ complaints regarding personal information and damage reliefs.
Chief Privacy Officer•
Name: YOO SEUNGHYEON
•
Title: Development team leader
•
Job grade: Team leader
•
Contact point: (phone) +82 70-7174-2129, (email) official@hirediversity.club
② Customers can contact the personal information protection manager and the department in charge of all personal information protection inquiries, complaints, and damage relief that occurred while using the service (or business) from the Company. The Company shall answer and process the customer’s inquiry without delay.
Article 13 (A remedy for Infringement of Customer's Rights and Interests)
Customers can apply for dispute resolution or consultation to receive relief from personal information infringement to the Personal Information Dispute Mediation Committee or The Korea Internet & Security Agency's Personal Information Infringement Report Center.
1.
Personal Information Dispute Mediation Committee: (Without national number) 1833-6972 (www.kopico.go.kr)
2.
Personal Information Infringement Report Center: (Without national number) 118 (privacy.kisa.or.kr)
3.
Prosecution Service: (Without national number) 1301 (www.spo.go.kr)
4.
Korean National Police Agency: Without national number) 182 (ecrm.cyber.go.kr)
In response to one's demand according to the Article 35, Article 36, Article 37 of the Personal Information Protection Act, a person who is infringed on his/her rights or interests due to disposition or omission by the head of a public institution may request an administrative trial as prescribed by the Administrative Appeals Act.
※ For more information on the administrative trial, please refer to the website of Central Administrative Appeals Commission(www.simpan.go.kr).