KR
EN
JP
○ This policy is effective from December 30, 2020.
1. Purpose of Processing Personal Information
A. Website Membership Registration and Management
Personal information is processed for the purposes of confirming the intention to join, identifying and authenticating the identity for the provision of membership services, maintaining and managing membership, verifying identity under the limited identity verification system, various notices and notifications, and preserving records for dispute resolution.
B. Handling of Civil Complaints
Personal information is processed for verifying the complainant's identity, checking the complaint, contacting and notifying for fact-finding, and notifying the processing results.
C. Provision of Goods or Services
Personal information is processed for the purposes of service provision, content provision, and customized service provision.
D. Use for Marketing and Advertising
Personal information is processed for developing new services (products) and providing customized services, providing events and advertising information and participation opportunities, and verifying the validity of the service.
E. Personal Image Information
Personal information is processed for crime prevention and investigation.
2. Status of Personal Information Files
- 1. Personal Information File Name: XISOM_Privacy_Policy
- Personal Information Items: Email, mobile phone number, home address, home phone number, password question and answer, password, login ID, gender, name, company phone number, position, department, company name, access log, cookies, access IP information
- Collection Method: Website, Phone/Fax
- Basis for Retention: Member identity verification, crime prevention, and preservation for resolution
- Retention Period: 3 years
- Related Laws: Records on the collection/processing and use of credit information: 3 years, Records on consumer complaints or dispute resolution: 3 years
3. Processing and Retention Period of Personal Information①
- 1.
- Personal information related to
is retained and used for the above purposes for <3 years> from the date of consent to collection and use. - Basis for Retention: Member identity verification, crime prevention, and preservation for resolution
- Related Laws: 1) Records on the collection/processing and use of credit information: 3 years2) Records on consumer complaints or dispute resolution: 3 years
- Exceptions: Upon direct request for information destruction by the individual or when it is deemed difficult to operate the company
4. Provision of Personal Information to Third Parties ①
②
- 1.
- Recipient of personal information: XISOM
- Recipient's purpose of using personal information: Email, mobile phone number, home address, home phone number, password question and answer, password, login ID, gender, name, company phone number, position, department, company name, access log, cookies, access IP information
- Recipient's retention and use period: 3 years
5. Rights and Obligations of Data Subjects and Legal Representatives and Exercise Methods As a personal information subject, users may exercise the following rights.
① The data subject can exercise rights to XISOM at any time, such as requesting access, correction, deletion, or suspension of processing of personal information.
② The exercise of rights pursuant to Paragraph 1 can be done in writing, by email, or by fax to XISOM in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, and XISOM will take action without delay.
③ The exercise of rights pursuant to Paragraph 1 may be done through a legal representative or a delegated person. In this case, a power of attorney according to Form 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
④ Requests for access and suspension of processing of personal information may restrict the rights of the data subject pursuant to Article 35, Paragraph 5 and Article 37, Paragraph 2 of the Personal Information Protection Act.
⑤ A request for correction or deletion of personal information cannot be made if the personal information is specified as a collection target in other laws.
⑥ XISOM verifies whether the person making the request, such as a request for access, correction/deletion, or suspension of processing according to the data subject's rights, is the person themselves or a legitimate representative.
6. Items of Personal Information Processed ①
- 1.
- Required Items: Email, mobile phone number, home address, home phone number, password question and answer, password, login ID, gender, name, company phone number, position, department, company name, access log, cookies, access IP information
- - Optional Items:
7. Destruction of Personal Information
- Destruction ProcedureInformation entered by the user is moved to a separate DB after the purpose is achieved (separate document in the case of paper) and is stored for a certain period according to internal policies and other related laws or destroyed immediately. At this time, personal information moved to the DB is not used for other purposes unless required by law.- Destruction DeadlineThe user's personal information is destroyed within 5 days from the end of the retention period if the retention period has elapsed, and within 5 days from the date when the processing of personal information is recognized as unnecessary, such as achieving the purpose of processing personal information, abolishing the service, or ending the business.
- Destruction Method
Information in the form of electronic files uses technical methods that cannot reproduce records.
Personal information printed on paper is destroyed by shredding or incineration.8. Installation, Operation, and Refusal of Automatic Personal Information Collection Devices
① XISOM uses 'cookies' that store and frequently retrieve user information to provide customized services. ② Cookies are a small amount of information sent by the server (http) used to operate the website to the user's computer browser, and may also be stored on the hard disk of the user's PC. A. Purpose of using cookies: They are used to provide optimized information to users by identifying the visit and use forms, popular search terms, secure connection status, etc. of each service and website visited by the user. B. Installation, operation, and refusal of cookies: You can refuse to store cookies through the option settings in the Tools > Internet Options > Privacy menu at the top of the web browser. C. If you refuse to store cookies, you may experience difficulties using customized services.
9. Personal Information Protection Officer
① XISOM (hereinafter 'www.xisom.com' or 'Company Website') is responsible for overseeing the processing of personal information and has designated a personal information protection officer to handle complaints and remedy damages related to the processing of personal information.
- ▶ Personal Information Protection Officer
- Name: Boram Kim
- Position: Manager
- Title: Manager
- Contact: 042-335-4560, st3052@xisom.com, 042-335-4561
※ This connects to the Personal Information Protection Department.
- ▶ Personal Information Protection Department
- Department Name: Automation Business Dept.
- Person in Charge: Boram Kim
- Contact: 042-335-4560, st3052@xisom.com, 042-335-4561
② Data subjects can inquire about all personal information protection-related matters, complaint handling, damage relief, etc., that occur while using the services (or business) of XISOM (hereinafter 'www.xisom.com' or 'Company Website') to the Personal Information Protection Officer and the responsible department. XISOM (hereinafter 'www.xisom.com' or 'Company Website') will reply and handle inquiries without delay.
10. Changes to the Privacy Policy
① This Privacy Policy applies from the effective date, and if there are additions, deletions, and corrections of changes according to laws and policies, they will be notified through announcements 7 days before the implementation of the changes.
11. Measures to Ensure the Safety of Personal Information
1. Regular Self-Audits We conduct self-audits regularly (once a quarter) to secure stability related to the handling of personal information.2. Minimization and Training of Employees Handling Personal Information We are implementing measures to manage personal information by designating employees who handle personal information and minimizing them to only those in charge.3. Establishment and Implementation of Internal Management Plan We have established and are implementing an internal management plan for the safe processing of personal information.4. Technical Measures Against Hacking <XISOM> ('Company Website') installs security programs to prevent personal information leakage and damage caused by hacking or computer viruses, performs periodic updates and inspections, installs systems in areas where access from the outside is controlled, and technically/physically monitors and blocks them.5. Encryption of Personal Information The user's personal information and password are encrypted, stored, and managed, so only the user knows it. For important data, separate security functions such as encrypting files and transmitted data or using a file lock function are used.6. Storage of Access Records and Prevention of Forgery Records of access to the personal information processing system are kept and managed for at least 6 months, and security functions are used to prevent access records from being forged, stolen, or lost.7. Restriction of Access to Personal Information Necessary measures are taken to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information, and unauthorized access from the outside is controlled using an intrusion prevention system.8. Use of Locks for Document Security Documents and auxiliary storage media containing personal information are stored in a safe place with a lock.9. Access Control for Unauthorized Persons We have a separate physical storage location for personal information and establish and operate access control procedures for it.