Privacy Policy
FNS Value Co., Ltd. (hereinafter referred to as the "Company") establishes and discloses a privacy policy as follows to protect the personal information of the data subject and to handle related grievances quickly and smoothly pursuant to Article 30 of the Personal Information Protection Act.
The FNS Value Company's privacy policy contains the following.
Article 1 The purposes for which personal information is processed
Article 2 The period for processing and retaining personal information
Article 3 The particulars of personal information being processed
Article 4 Provision of personal information to a third party
Article 5 Outsourcing personal information processing
Article 6 Procedures and methods for destroying personal information
Article 7 The rights and obligations of data subjects and legal representatives, and how to exercise such rights
Article 8 Measures to ensure safety of personal information
Article 9 Installation and operation of an automatic collection tool for personal information and denial thereof
Article 10 Privacy Officers
Article 11 Department that receives and processes requests for access to personal information
Article 12 Measure of remedy for infringement of rights and interests of data subjects
Article 13 Changes to the Privacy Policy
Article 1 (The purposes for which personal information is processed)
The company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following, and if the purpose of use is changed, necessary measures will be implemented, such as obtaining separate consent under Article 18 of the Personal Information Protection Act.
1. BSA Service
Personal information is processed for the purpose of confirming membership, identifying and certifying themselves according to the provision of membership services, maintaining and managing membership qualifications, preventing fraudulent use of services, verifying service validity, frequency of access, or statistics on members' service use.
Article 2 (The period for processing and retaining personal information)
① The company processes and retains personal information within the period of personal information retention and use under the Act or within the period of personal information retention and use agreed upon when collecting personal information from the data subject. ② The processing and retention period of each personal information is as follows.
1. BSA Service
Personal information related to the BSA service is retained and used for the purpose of use above from the date of consent to collection and use to the time of withdrawal of membership.
- Grounds for retention: Article 15 of the Personal Information Protection Act (Collection and Use of Personal Information) Paragraph 1
Article 3 (The particulars of personal information being processed)
① The company is processing the following personal information items.
1. BSA Services
- Required items: name, login ID, mobile phone number, email, device information (device ID)
- Selections: Not Applicable
Article 4 (Provision of personal information to a third party)
① The company processes personal information only within the scope specified in Article 1 (The purposes for which personal information is processed), and provides personal information to third parties only if it falls under Articles 17 and 18 of the Personal Information Protection Act, such as consent of the data subject and special provisions of the law.
② The company may provide personal information to related agencies without the consent of the data subjects in the event of an emergency such as a disaster, an infectious disease, an urgent life or physical risk, or an urgent loss of property
Article 5 (Outsourcing personal information processing)
② The company does not outsource the processing of personal information.
② If the contents of the entrusted work or the trustee changes, we will disclose it through this privacy policy without delay
Article 6 (Procedures and methods for destroying personal information)
① When personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing, the company destroys the personal information without delay.
② If the personal information period agreed by the data subjects has elapsed or the purpose of processing has been achieved, the personal information shall be transferred to a separate database (DB) or stored differently.
③ The procedure and method of destroying personal information are as follows.
1. Procedure
The company selects personal information that has caused the reason for destruction and destroys the personal information with the approval of the company's personal information protection manager.
2. Method
- Personal information printed on paper is destroyed by crushing with a shredder or incineration.
- Information in the form of electronic files uses a technical method in which records cannot be reproduced
Article 7 (The rights and obligations of data subjects and legal representatives, and how to exercise such rights)
① Data subjects have the right to access, correct, delete, and request the cessation of processing of their personal information from the company at any time.
② The exercise of rights under paragraph (1) may be conducted in writing, e-mail, fax, etc. according to Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay.
③ The exercise of rights under paragraph (1) may be conducted through a legal representative of the data subject or an agent, such as a person delegated. In this case, "Notification of the method of processing personal information (No. 2020-7)" You have to submit a power of attorney according to attached Form 11.
④ The rights of the data subjects may be restricted pursuant to Articles 35 (4) and 37 (2) of the Personal Information Protection Act.
⑤ Requests for correction and deletion of personal information cannot be requested if other laws specify that the personal information is subject to collection.
⑥ The company checks whether it is the person who made the request, such as a request for access according to the right of the data subject, a request for correction or deletion, or a request for suspension of processing.
Article 8 (Measures to ensure safety of personal information)
The company is taking the following measures to ensure the safety of personal information.
1. Establishment and implementation of internal management plan
We have established and implemented an internal management plan for the safe processing of personal information.
2. Minimize and train personal information handling staff
We are implementing measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to those in charge.
3. Conduct regular self-audit
In order to secure stability related to personal information handling, we conduct self-audit regularly (once a quarter).
4. Restriction of access to personal information
We take necessary measures to control access to personal information by granting, changing, and canceling access to the database system that processes personal information, and use the intrusion prevention system to control unauthorized access from outside.
5. Storage of access records and prevention of forgery
Records accessed to the personal information processing system are kept and managed for at least one year, but if personal information is added to more than 50,000 data subjects, or unique identification or sensitive information is processed, it is kept and managed for more than two years. In addition, we use security features to prevent forgery, theft, and loss of access records.
6. encryption of personal information
The user's device information is encrypted, stored, and managed, so only you can know it, and important data uses separate security functions such as encrypting files and transmission data.
7. Technical countermeasures against hacking, etc
In order to prevent personal information leakage and damage caused by hacking or computer viruses, the company installs security programs, periodically renews and checks, installs systems in areas where external access is controlled, and technically and physically monitors and blocks them.
8. access control for unauthorized persons
There is a separate physical storage place where personal information is stored, and access control procedures are established and operated.
9. Using Lockers for Document Security
Documents and auxiliary storage media containing personal information are stored in a safe place with a lock.
Article 9 (Installation and operation of an automatic collection tool for personal information and denial thereof)
1. In order to provide individual customized services to users, the company uses 'cookie' that stores usage information and calls it from time to time.
2. Cookies are a small amount of information sent by the server (http) used to run the website to the user's computer browser and are also stored on the user's hard disk within the user's PC computer.
1) Purpose of Use of Cookies
It is used to provide optimized service by storing the user's ID.
2) Install/Operate and Reject Cookies
You can refuse to save cookies by setting options on the Tools > Internet Options > Privacy menu at the top of your web browser.
3) Refusing to save cookies may cause difficulties in using customized services.
Article 10 (Privacy Officers)
① The company is in charge of personal information processing and designates a person in charge of personal information protection as follows to handle complaints and remedy damages related to personal information processing.
▶ Personal Information Protection Officer
ᄋ Name: Han Sung-min
ᄋ Position: Information Security Officer
ᄋ Rank: Director
ᄋ Contact: 02-303-3885, smhan@fnsvalue.co.kr, 02-304-3885
▶ Personal Information Protection Department
ᄋ Department name: Solution Business Department
ᄋ Person in charge: Choi Soo-young
ᄋ Contact: 02-303-3885, syc0623@fnsvalue.co.kr, 02-304-3885
② The data subjects can contact the person in charge of personal information protection and the department in charge of all personal information protection inquiries, complaints, damage relief, etc. arising from using the company's service (or business). The company will respond and handle inquiries from the data subjects without delay.
Article 11 (Department that receives and processes requests for access to personal information)
The data subject may request the following department to access personal information under Article 35 of the 「Personal Information Protection Act」. The company will try to expedite the request for access to personal information by the data subject.
▶ Personal Information Access Request Receipt and Processing Department
ᄋ Department name: Management support department
ᄋ Person in charge: Kim Joo-hyun
ᄋ Contact: 02-303-3885, fnsvalue@fnsvalue.co.kr, 02-304-3885
Article 12 (Measure of remedy for infringement of rights and interests of data subjects)
In order to receive relief for personal information infringement, the data subject may apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Reporting Center, etc.
Please contact the following institution for other reports and counseling on personal information infringement
1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
2. Personal Information Infringement Reporting Center: (without country number) 118 (privacy.kisa.or.kr)
3. Supreme Prosecutors' Office: (without country number) 1301 (www.spo.go.kr)
4. National Police Agency: (without country number) 182 (ecrm.cyber.go.kr)
Articles 35 (access to personal information) and 36 (Rectification or Erasure of Personal Information) of the Personal Information Protection Act, A person who has been infringed on rights or interests due to a disposition or omission made by the head of a public institution in response to a request under Article 37 (Suspension of Processing of Personal Information, etc.) may request an administrative trial as prescribed by the Administrative Appeals Act.
※ For more information on administrative trials, please refer to the website of the Central Administrative Appeals Committee (www.simpan.go.kr).
Article 13 (Changes to the Privacy Policy)
① This privacy policy will take effect on August 1, 2023.