Article 1. Items of Personal Information Managed, Purpose of Management and Retention Period
The items of the personal information managed by NOUL, the purpose of management of personal information and the period of management and holding thereof shall be as follows.
– Items of Personal Information Managed : name, email
– Purpose of Management of Personal Information : To respond to inquiries, to provide after-sales services
– Retention Period : Until the purpose of collecting personal information is achieved or until the client or prospective client requests the destruction of his/her personal information.
Article 2. Transfer of Personal Information to Third Parties
1. The personal information of the individuals to whom the information relates (“data subject(s)”) will be used by NOUL solely for the purposes set forth in Article 1 above. NOUL will not use personal information beyond the original scope of such purpose or transfer personal information to any third party except in the following circumstances:
1) If any separate consent is obtained from the data subject;
2) If there are special provisions under laws or if it is inevitable in order to perform obligations under laws;
3) If the data subject or its legal representative is not in a position to express its intention or a prior notice cannot be obtained due to an unknown address, etc. and it is explicitly acknowledged that such use or provision of personal information is urgently necessary for the benefit of the life, body, or property of any data subject or any third party;
4) If any personal information is necessary for the purpose of gathering statistics, academic research, etc. and such personal information is provided in a manner that individuals cannot be identified.
2. NOUL shall inform the data subject of the following when obtaining consent under subparagraph 1) of Paragraph 1. If there is any change in any of the following, NOUL shall inform the data subject of such change and obtain consent therefrom.
1) The person who are provided with personal information;
2) The purposes of using personal information (when personal information is provided, the purposes of using by the person to whom personal information is provided);
3) Items of personal information that is used or provided;
4) The retention period of the personal information (the recipient’s retention period for the personal information);
5) The fact that the data subject is entitled to refuse to grant consent and the details of disadvantage (if any) arising from a refusal to grant consent.
Article 3. Entrustment of Management of Personal Information
Article 4. Rights and Obligations of Data Subjects
1. The data subject may request that his/her personal information used by NOUL be available for inspection. However, NOUL may restrict or refuse such inspection for the following reasons:
1) If any inspection is prohibited or restricted under laws;
2) If any inspection of personal information is likely to cause harm to the life or body of other person or likely to infringe unrea-sonably on the property or other interest of other person.
2. Any data subject who inspected his/her personal information under Paragraph 1 above may request that NOUL delete or correct such information. However, no such request for deletion can be made if the personal information concerned is required to be collected under express provisions of applicable law or regulations.
3. Within 10 days after NOUL receives a request to correct or delete personal information under Paragraph 2 above, NOUL will inform the data subject concerned of the status of the correction or deletion, if any, performed by NOUL. If NOUL refuses to meet such request, it will notify the data subject, explaining the reasons for its refusal and what the data subject may do to raise an objection.
4. Any data subject may request NOUL to suspend managing its personal information. Provided, however, in any of the following cases or if there is any justifiable reason, NOUL may turn down such request for the suspension of management of personal information by notifying the data subject of the reasons therefor.
1) If there are special provisions under laws or if it is inevitable in order to perform obligations under laws;
2) If it is likely to do harm to the life or body of other person or it is likely to infringe unreasonably on the property or other interest of other person;
3) If the failure to use the personal information will make it difficult for NOUL to provide the agreed services with the data subject or otherwise perform any agreement with the data subject, and the data subject has not clearly indicated an intent to terminate such agreement.
5. Within 10 days after the receipt of a request for suspension of management of personal information from any data subject under Paragraph 4, if any measures were taken to suspend the management of relevant personal information, NOUL shall notify the data subject of the details of the measures taken. If NOUL does not act on such request, NOUL shall notify the data subject of the reasons therefor and the ways to raise an objection with the notice above.
6. Any data subject may exercise his/her rights under this Article through his/her legal representative, any other appointee or agent, subject to the submission of a power of attorney in the form of Form No. 11 of the Enforcement Rules to the Personal Information Protection Act.
Article 5. Destruction of Personal Information
1. NOUL will promptly destroy personal information that is no longer needed, including when the purpose of collecting personal information is achieved or the retention period under Article 1 has expired.
2. The printouts, documents, etc. on which personal information is written shall be destroyed through crushing or incineration, and any personal information in an electronic file shall be destroyed by deleting such information permanently in a way that is impossible to restore such personal information
Article 6. Measures to Secure Safety of Personal Information
NOUL shall take technical, administrative and physical measures necessary to secure safety as follows under Article 29 of the Personal Information Protection Act.
1. NOUL designates an employee who manages personal information and allows only such employee to manage personal information.
2. NOUL takes measures necessary to control access to personal information by granting, changing or cancelling accessing right to database system that manages personal information and controls unauthorized access from outsiders by using firewall system.
3. NOUL keeps the documents, auxiliary storage device, etc containing personal information in a safe place with locking system.
Article 7. Department Responsible for the Protection of Personal Information
1. Department responsible for the protection of personal information is as follows:
– Department: IT/Security
– Contact Numbers : T 070-4352-5998, F 031-893-6672
– Email : firstname.lastname@example.org
2. The data subject may contact the department above regarding inquiry on personal information protection, complaints, relief, etc. that may arise in the course of the use of NOUL services. NOUL will promptly respond to and handle any such inquires raised by data subjects.
Article 8. Installation, Operation and Refusal of Cookies
1. Cookies are small files which the server of a website sends and stores on the user’s computer hard disc for the operation of a website. The data subject may decide to allow the installation and collection of cookies or may refuse the collection of cookies.
2. To manage your cookie settings:
1) For Internet Explorer : Select “Tool” (at the top of the web browser) > “Internet Option” > “Personal Information” > select setting
2) For Chrome : Select “Chrome Setting and Control“(at the upper-right side of the web browser ) > “Setting” > “Advanced” > “Contents Setting” in the “Personal Information and Security” section > select setting in the cookie section
NOUL shall continue to disclose any change in personal information management policies, time of implementation thereof and the details of such change.