Woowa Brothers Co., Ltd. (hereunder, the 'Company') establishes and discloses the following privacy policy to protect the personal information of users and to resolve any complaints in a prompt and seamless manner in accordance with relevant laws and regulations including the Personal Information Protection Act.
Personal information of users is collected directly from users after obtaining their consent through a web page, email, fax, phone, etc.
(1) The Company collects and uses a name, email address, password, mobile phone number, name of company or school, industry, detailed role or major, and areas of interest upon user registration with WOOWACON.
(2) Additional personal information may be collected and used for and during the operation of WOOWACON conference and events. Personal information collected shall be used after obtaining the user’s consent.
(3) The following information may be automatically generated and collected, saved, combined, and analyzed in the user service processes.
- Examples of auto-collected information (generated data): access location information, cookies, unique device number, service usage history, access logs
(4) The company utilizes all collected personal information to provide services for the following purposes.
- Identify user, verify identity
- Operate and manage WOOWACON conference, improve service, and develop new services
- Handle customer complaints and provide customer care services
- Communicate notifications and disclosures
- Prevent illegal and fraudulent use cases
- Statistics and analysis of access history and service usage records
- Survey and manage user satisfaction
- Offer events and giveaways
- Provide customized services
- Use for marketing and promotion (provide advertising/event information)
(5) Personal information collected shall be retained and used for the following period.
- Destroy the information 6 months after the end of the conference or upon withdrawal of user consent
The Company shall only use personal information of users within the defined scope under the purposes of data collection and use and shall not utilize the information for out-of-scope purposes without prior consent of the users. In principle, personal information of users shall not be provided to any external parties, except for below exceptions.
① When the user has provided consent in advance
② When mandated by relevant laws or regulations, or requested by investigative authorities in line with the procedures and methods prescribed in relevant laws or regulations for investigations
(1) The Company outsources the handling of personal information of users as below to ensure improvement in our services, where necessary provisions are stipulated for its safe management under relevant laws and regulations.
(2) Outsourced vendors and requested services, regarding personal information of users, are described below.
| Outsourced Vendor | Details of Outsourced Services |
|---|---|
| NHN Corp., LG CNS Co., Ltd. | Send out SMS, email, and alert notifications |
(1) In principle, the Company shall destruct personal information without delay once the retention and usage periods are over and after fulfilling the prescribed purposes of personal information collection and use.
(2) The Company shall destruct the collected personal information without delay if the user withdraws his/her consent to the collection and use of the personal information.
(3) Despite the expiration of the retention period, as consented by the user, or fulfillment of the prescribed purposes, personal information may need to be stored for a given period in line with other laws, regulations, or internal policies. In such a case, the personal information shall be migrated to a separate DB or stored in a different storage location.
A. User information collected and used in accordance with laws and regulations
| Law/Regulation | Purpose of Retention or Use | Information to be Stored | Retention and Usage Period |
|---|---|---|---|
| Protection of Communications Secrets Act | Provided when requested by investigative authorities with court-approved warrant | Log records, Access locations, etc. | 3 months |
(4) The destruction process and method for personal information are described below.
① Destruction Process
The Company shall destruct personal information without delay from the time when the cause for destruction occurs until the predefined retention or usage period is over.
② Destruction Method
The Company shall either technically or physically destroy all personal information recorded or stored in an electronic file, so as to not alloy the recovery of such records or data, and shall shred or incinerate personal information printed on paper.
The company does not collect personal information of minors under the age of 14 to protect the personal information of children and adolescents.
(1) In principle, the user shall directly access, modify, and delete his/her personal information, where the Company shall provide the supporting features.
(2) The user and his/her legal representative may request to access, modify, or delete the personal information, whereby the Company shall take the necessary actions after verifying the identity of the requestor in line with the Company policy.
(3) When a user requests to correct erroneous personal information, the Company shall not use or provide such personal information until such modification is complete. Moreover, the Company shall immediately request third parties to make the necessary modifications in case the Company has already provided erroneous personal information to such third parties.
(4) The user shall maintain his/her latest personal information and shall be responsible for any issues arising from providing inaccurate information.
(5) Anyone opening/registering an account with stolen third-party personal information may lose his/her user rights or be subject to penalties under personal information protection laws or regulations.
(6) The user is responsible to ensure the safety of his/her personal information, including ID, password, and email address, and shall not transfer or lend such information to a third party. The user shall be liable for any issues arising from transferring or lending his/her personal information to any third parties.
(1) What are Cookies?
① The Company uses cookies that store and frequently load user information to provide personalized and customized services.
② Cookies are small-sized text files sent to the user browser by the server that runs the website, which are stored in the hard drive of the user's computer.
③ When the user re-visits the website, the website server will read the cookies stored on the hard drive of the user’s computer to maintain the user settings and provide customized services.
④ Cookies do not automatically/actively collect information that identifies the individual user, and the user may, at any time, refuse to store such cookies or delete them.
(2) Purpose of Using Cookies
Cookies are used to understand user visits to and usage patterns on different company services and websites, popular keywords, and the size of users, which is then used to provide optimized and customized information, including advertisements, to the user.
(3) Installation/Operation of Cookies and User Refusal
① Users have the option to decide the installation of cookies. They may choose to accept all cookies, check for each cookie whenever they are stored or refuse to store all cookies by changing the setting options in a web browser.
② However, refusing to save cookies may restrict some services of the Company that requires logging in.
③ Users may change settings for cookie installation (when using Internet Explorer) as described below:
A. From [Tools] menu, select [Internet Options]
B. Click on [Privacy] tab
C. Change cookie settings in [Advanced Privacy Settings]
The Company employs the following technical and administrative protection measures to ensure safety in processing users’ personal information including prevention of loss, theft, leakage, alteration, or damage of personal information.
(1) Encryption of important personal information
User passwords are stored and managed by one-way encryption, and inquiry and change of personal information is allowed only for the owner of the information who knows the password. Financial information of users (including bank account numbers) is stored and managed by applying strong, two-way encryption algorithms.
(2) Measures against attacks including hacking
① The Company is fully committed to preventing leakage of or damage to users’ personal information due to information network penetration by hacking or computer virus attacks.
② Latest virus vaccines are used to prevent the leakage of or damage to users’ personal information or data due to virus infections.
③ Access control devices such as intrusion prevention systems (IPS), are installed and operated to block illegal access to personal information.
④ Encrypted communications are used for sensitive personal information to ensure safe transmission over the network.
(3) Minimizing Handling of Personal Information and Training
The Company operates a minimum number of employees involved in the processing of personal information and emphasizes the importance of complying with laws, regulations, and internal policies by implementing administrative measures such as training to staff processing personal information.
(4) Operating a Team Dedicated to Personal Information Protection
The Company operates a Personal Information Protection Team to protect users’ personal information, reviews the implementation of personal information handling policies and compliance with relevant laws and regulations by its staff, and takes immediate actions to resolve any identified issues.
(1) The company designates the Personal Information Protection Officer and team in charge as below to oversee and take responsibility for all activities related to personal information processing, resolution of user complaints, and relief of damages.
(2) Users can contact the Personal Information Protection Officer or Data Security Team for any inquiries relating to personal information, handling of complaints, or relief of damages that may occur while using the services (or businesses) of the Company. The Company shall respond and take necessary actions on user inquiries without delay.
Users may contact the following institutions to inquire about damage relief and advisory services relating to personal information infringements. The following organizations are government-affiliated institutions. When unsatisfied with the handling of personal information complaints or the results of damage relief provided by the Company, please contact below institutions for support.
| Personal Information Infringement Report Center | Webpage: http://privacy.kisa.or.kr |
| Contact number: (without area code) 118 | |
| Personal Information Dispute Mediation Committee | Website: https://www.kopico.go.kr |
| Contact number: 1833-6972 | |
| Supreme Prosecutors' Office, Cybercrime Investigation Division | Webpage: http://www.spo.go.kr/ |
| Contact number: (without area code) 1301 | |
| Korean National Police Agency, Cyber Bureau | Webpage: http://cyberbureau.police.go.kr |
| Contact number: (without area code) 182 |
(1) The current Privacy Policy may be subject to change where necessary following changes in relevant laws, regulations, government policies, or internal policies. Any additions, deletions, or changes shall be disclosed via the ‘Notifications’ section of the Company webpage, not less than 7 days in advance to such changes. However, such disclosure shall be made not less than 30 days before the effective date should there be critical changes to the user rights.
(2) The current Privacy Policy shall become effective from September 13, 2022.