Privacy Policy
<F.LAB>(hereinafter referred to as the "Company") is committed to protecting and respecting the privacy and rights of users in accordance with the Personal Information Protection Act.
To facilitate the smooth handling of user complaints related to personal information,
the Company has established the following privacy policy. Any changes to the Company's privacy policy will be announced through the website notice (or individual notice).
This policy will be effective from January 1, 2021.
1. Purpose of Personal Information Processing The Company processes personal information for the following purposes. Processed personal information will not be used for purposes other than the intended purpose, and if the purpose of use is changed, prior consent will be obtained.
a. Website member registration and management: The Company processes personal information for the purpose of self-identification, authentication, and prevention of fraudulent use of member services.
b. Handling of complaints: Personal information is processed for the purpose of verifying the identity of complainants, confirming complaints, contacting and notifying for fact-finding, and notifying the results of handling.
c. Provision of goods or services: Personal information is processed for the purpose of providing services.
d. Utilization in marketing and advertising: Personal information is processed for the purpose of confirming the effectiveness of services, understanding access frequency, or compiling statistics on member service usage.
2. Personal Information File Status
Personal information items: Email, mobile phone number, company phone number, position, department, company name, access logs, access IP information, legal representative's name
Collection method: Website
Basis for retention: Consent for personal information
Retention period: 3 years
Related laws: Records related to the collection/processing and use of credit
information: 3 years, Records related to consumer complaints or dispute resolution: 3 years, Records related to contracts or withdrawals: 5 years
3. Processing and Retention Period of Personal Information
① The Company processes and retains personal information within the period specified by law or the consent obtained from the data subject at the time of collection.
② The processing and retention periods for each category of personal information are as follows:
1. <Handling of complaints>
Personal information related to handling complaints is processed and retained for <3 years> from the date of consent for collection and use.
Basis for retention: Consent for personal information
Related laws:
1) Records related to consumer complaints or dispute resolution: 3 years
2) Records related to contracts or withdrawals: 5 years
Exception:
4. Matters Regarding the Provision of Personal Information to Third Parties
① The Company provides personal information to third parties only with the consent of the data subject or in cases specified by law under Articles 17 and 18 of the Personal Information Protection Act.
② The Company is currently providing personal information to the following third party:
1. Company
Recipient of personal information: Company
Purpose of personal information use: Email, mobile phone number, gender, date of birth, name, company phone number, position, department, company name, legal representative's name, legal representative's mobile phone number Retention and use period of the recipient: 3 years
5. Rights and Obligations of Information Subjects and Legal Representatives, and Methods of Exercise Users have the following rights as information subjects:
① Information subjects may exercise their rights to access, correct, delete, and request processing cessation of personal information at any time.
② The exercise of rights under paragraph 1 may be made in writing, by electronic mail, facsimile, etc., according to Article 41, paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take prompt action.
③ The exercise of rights under paragraph 1 may be made through a legal representative or delegate. In this case, a power of attorney according to the form prescribed in Annex 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
④ The Company verifies whether the person making the request for access, correction, or deletion is the information subject or a legitimate representative when processing requests for access, correction, or deletion of personal information.
⑤ The right to access, correction, and deletion may be restricted under Article 35, paragraph 5, and Article 37, paragraph 2 of the Personal Information Protection Act.
⑥ The Company follows the legal requirements to verify the identity of the information subject or legal representative when processing requests for access, correction, and deletion.
6. Items of Processed Personal Information
① The Company processes the following personal information:
1<Handling of complaints> Mandatory items: Email, mobile phone number, company phone number, position, department, company name, legal representative's name, legal representative's mobile phone number
- Optional items :
7. Destruction of Personal Information The Company generally destroys personal information as soon as the purpose of processing is achieved. The procedures, deadlines, and methods for destruction are as follows
- Destruction procedure
Information entered by the user is transferred to a separate DB (or paper document) after the purpose is achieved, and it is stored for a certain period according to internal policies and other relevant laws. Afterward, the information is destroyed or deleted immediately. Personal information transferred to the DB is not used for purposes other than those specified unless required by law.
- Destruction deadline
Personal information is destroyed within 5 days from the end of the retention period or the date when it is deemed unnecessary for processing, such as the achievement of the processing purpose, termination of the service, or closure of the business.
- Destruction method
Electronic files are technically rendered unrecoverable.
8. Installation, Operation, and Rejection of Automatic Collection Devices for Personal Information
The Company does not use "cookies" to store and retrieve user information.
9. Privacy Protection Manager
① The Company appoints the following privacy protection manager to take overall responsibility for personal information processing and handle information subject complaints and remedies related to personal information.
▶ Privacy Protection Manager
Name :
Position :
Title :
Contact :
② Information subjects can contact the Company's privacy protection manager and department for any inquiries, complaints, remedies, etc., related to personal information protection while using the Company's services or business. The Company will respond promptly to inquiries.
10. Changes to the Privacy Policy
① This privacy policy will be effective from the enforcement date, and any additions, deletions, or modifications due to changes in laws and policies will be announced through notices 7 days before the changes take effect.
11. Security Measures for Personal Information The Company, in accordance with Article 29 of the Personal Information Protection Act, implements the necessary technical, managerial, and physical measures to ensure the security of personal information.
1. Minimization and education of personal information handling employees: The Company designates and limits employees handling personal information to a minimum and implements measures to manage personal information.
2. Technical measures against hacking: The Company installs security programs to prevent leakage and damage of personal information due to hacking, computer viruses, etc. It regularly updates and checks these programs. The Company also establishes systems in controlled areas to prevent external access and monitors and blocks unauthorized access both technically and physically.
3. Encryption of personal information: User passwords are encrypted for storage and management, ensuring that only the user can know them. Important data is encrypted or additional security features, such as file encryption or file locking, are used.
4. Retention and prevention of tampering of access records: Access records to personal information processing systems are stored and managed for at least 6 months. Security functions are used to prevent tampering, theft, or loss of access records.
5. Access control for unauthorized persons: The Company establishes and operates a separate physical storage location for personal information and implements access control procedures.
To facilitate the smooth handling of user complaints related to personal information,
the Company has established the following privacy policy. Any changes to the Company's privacy policy will be announced through the website notice (or individual notice).
This policy will be effective from January 1, 2021.
1. Purpose of Personal Information Processing The Company processes personal information for the following purposes. Processed personal information will not be used for purposes other than the intended purpose, and if the purpose of use is changed, prior consent will be obtained.
a. Website member registration and management: The Company processes personal information for the purpose of self-identification, authentication, and prevention of fraudulent use of member services.
b. Handling of complaints: Personal information is processed for the purpose of verifying the identity of complainants, confirming complaints, contacting and notifying for fact-finding, and notifying the results of handling.
c. Provision of goods or services: Personal information is processed for the purpose of providing services.
d. Utilization in marketing and advertising: Personal information is processed for the purpose of confirming the effectiveness of services, understanding access frequency, or compiling statistics on member service usage.
2. Personal Information File Status
Personal information items: Email, mobile phone number, company phone number, position, department, company name, access logs, access IP information, legal representative's name
Collection method: Website
Basis for retention: Consent for personal information
Retention period: 3 years
Related laws: Records related to the collection/processing and use of credit
information: 3 years, Records related to consumer complaints or dispute resolution: 3 years, Records related to contracts or withdrawals: 5 years
3. Processing and Retention Period of Personal Information
① The Company processes and retains personal information within the period specified by law or the consent obtained from the data subject at the time of collection.
② The processing and retention periods for each category of personal information are as follows:
1. <Handling of complaints>
Personal information related to handling complaints is processed and retained for <3 years> from the date of consent for collection and use.
Basis for retention: Consent for personal information
Related laws:
1) Records related to consumer complaints or dispute resolution: 3 years
2) Records related to contracts or withdrawals: 5 years
Exception:
4. Matters Regarding the Provision of Personal Information to Third Parties
① The Company provides personal information to third parties only with the consent of the data subject or in cases specified by law under Articles 17 and 18 of the Personal Information Protection Act.
② The Company is currently providing personal information to the following third party:
1. Company
Recipient of personal information: Company
Purpose of personal information use: Email, mobile phone number, gender, date of birth, name, company phone number, position, department, company name, legal representative's name, legal representative's mobile phone number Retention and use period of the recipient: 3 years
5. Rights and Obligations of Information Subjects and Legal Representatives, and Methods of Exercise Users have the following rights as information subjects:
① Information subjects may exercise their rights to access, correct, delete, and request processing cessation of personal information at any time.
② The exercise of rights under paragraph 1 may be made in writing, by electronic mail, facsimile, etc., according to Article 41, paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and the Company will take prompt action.
③ The exercise of rights under paragraph 1 may be made through a legal representative or delegate. In this case, a power of attorney according to the form prescribed in Annex 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
④ The Company verifies whether the person making the request for access, correction, or deletion is the information subject or a legitimate representative when processing requests for access, correction, or deletion of personal information.
⑤ The right to access, correction, and deletion may be restricted under Article 35, paragraph 5, and Article 37, paragraph 2 of the Personal Information Protection Act.
⑥ The Company follows the legal requirements to verify the identity of the information subject or legal representative when processing requests for access, correction, and deletion.
6. Items of Processed Personal Information
① The Company processes the following personal information:
1<Handling of complaints> Mandatory items: Email, mobile phone number, company phone number, position, department, company name, legal representative's name, legal representative's mobile phone number
- Optional items :
7. Destruction of Personal Information The Company generally destroys personal information as soon as the purpose of processing is achieved. The procedures, deadlines, and methods for destruction are as follows
- Destruction procedure
Information entered by the user is transferred to a separate DB (or paper document) after the purpose is achieved, and it is stored for a certain period according to internal policies and other relevant laws. Afterward, the information is destroyed or deleted immediately. Personal information transferred to the DB is not used for purposes other than those specified unless required by law.
- Destruction deadline
Personal information is destroyed within 5 days from the end of the retention period or the date when it is deemed unnecessary for processing, such as the achievement of the processing purpose, termination of the service, or closure of the business.
- Destruction method
Electronic files are technically rendered unrecoverable.
8. Installation, Operation, and Rejection of Automatic Collection Devices for Personal Information
The Company does not use "cookies" to store and retrieve user information.
9. Privacy Protection Manager
① The Company appoints the following privacy protection manager to take overall responsibility for personal information processing and handle information subject complaints and remedies related to personal information.
▶ Privacy Protection Manager
Name :
Position :
Title :
Contact :
② Information subjects can contact the Company's privacy protection manager and department for any inquiries, complaints, remedies, etc., related to personal information protection while using the Company's services or business. The Company will respond promptly to inquiries.
10. Changes to the Privacy Policy
① This privacy policy will be effective from the enforcement date, and any additions, deletions, or modifications due to changes in laws and policies will be announced through notices 7 days before the changes take effect.
11. Security Measures for Personal Information The Company, in accordance with Article 29 of the Personal Information Protection Act, implements the necessary technical, managerial, and physical measures to ensure the security of personal information.
1. Minimization and education of personal information handling employees: The Company designates and limits employees handling personal information to a minimum and implements measures to manage personal information.
2. Technical measures against hacking: The Company installs security programs to prevent leakage and damage of personal information due to hacking, computer viruses, etc. It regularly updates and checks these programs. The Company also establishes systems in controlled areas to prevent external access and monitors and blocks unauthorized access both technically and physically.
3. Encryption of personal information: User passwords are encrypted for storage and management, ensuring that only the user can know them. Important data is encrypted or additional security features, such as file encryption or file locking, are used.
4. Retention and prevention of tampering of access records: Access records to personal information processing systems are stored and managed for at least 6 months. Security functions are used to prevent tampering, theft, or loss of access records.
5. Access control for unauthorized persons: The Company establishes and operates a separate physical storage location for personal information and implements access control procedures.