YIDO Terraone Co., Ltd. Privacy Policy

1. Purpose of Processing Personal Information

The Company processes personal information for the following purposes. Personal information processed will not be used for purposes other than those listed below, and prior consent will be obtained if the purpose of use changes.

1. Inquiry Reception and Processing
   Personal information is processed for the purpose of receiving, confirming, and responding to inquiries received through the website Contact Us (online inquiry).

2. Personal Information Collection Items, Methods, and Retention Period

1. Collection Items
   • Required: Name, Email address, Phone number, Subject, Inquiry content
   • Optional: Company name
2. Collection Method
   • Directly entered and submitted by users through the website Contact Us online inquiry form
3. Storage Location and Retention Period
   • Collected personal information is stored on YIDO Terraone Co., Ltd.'s internal servers.
   • Information will be destroyed without delay after 1 year from the time of inquiry reception.
   • However, if there is an obligation to preserve under relevant laws, the information will be retained for the period stipulated by such laws.

3. Provision of Personal Information to Third Parties

In principle, the Company processes users' personal information only within the scope specified in Article 1 and does not provide it to third parties without the user's prior consent.

However, the following cases are exceptions.

• When the user has given prior consent
• When required by law or when a law enforcement agency requests information in accordance with procedures and methods prescribed by law for investigative purposes

4. Rights and Obligations of Data Subjects and How to Exercise Them

1. Users may exercise the following personal information protection rights against the Company at any time.
   • Request to access personal information
   • Request for correction if there are errors
   • Request for deletion
   • Request to suspend processing
2. The rights under Paragraph 1 may be exercised via email to the Personal Information Protection Officer, and the Company will take action without delay.
3. If a data subject requests correction or deletion of personal information errors, the personal information will not be used or provided until processing is complete.
4. Rights may also be exercised through a legal representative or authorized agent, in which case a power of attorney in accordance with Form No. 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.

5. Destruction of Personal Information

The Company destroys personal information without delay when the purpose of processing has been achieved.

1. Destruction Procedure
   Information entered by users is stored for a certain period according to internal policies and relevant laws after the purpose has been achieved, and then destroyed. Destroyed personal information will not be used for other purposes except as required by law.
2. Destruction Deadline
   When the retention period has elapsed, destruction occurs within 5 days from the end date; when the information becomes unnecessary due to achievement of the processing purpose, destruction occurs within 5 days from the date of recognition.
3. Destruction Method
   Electronic files are deleted using technical methods that prevent recovery, and paper printouts are destroyed by shredding or incineration.

6. Measures to Ensure Safety of Personal Information

The Company implements the following technical, administrative, and physical measures necessary to ensure safety in accordance with Article 29 of the Personal Information Protection Act.

1. Minimization of Personal Information Processing Staff
   Personal information processing staff are designated and minimized for management.
2. Regular Internal Audits
   Regular internal audits (once per half-year) are conducted to ensure the safety of personal information processing.
3. Establishment and Implementation of Internal Management Plans
   Internal management plans for the safe processing of personal information are established and implemented.
4. Encryption of Personal Information
   Important data uses separate security functions such as file and transmission data encryption and file locking.
5. Technical Measures Against Hacking
   Security programs are installed and updated, systems are installed in controlled access areas, and technical and physical monitoring and blocking measures are taken.
6. Restriction of Access to Personal Information
   External unauthorized access is controlled through granting, changing, and revoking database access rights and intrusion prevention systems.
7. Control of Unauthorized Access
   Physical locations for storing personal information are separately designated, and access control procedures are established and operated.

7. 개인정보보호 책임자

회사는 개인정보 처리에 관한 업무를 총괄해서 책임지고, 개인정보 처리와 관련한 정보주체의 불만처리 및 피해구제 등을 위하여 아래와 같이 개인정보 보호책임자를 지정하고 있습니다.

※ 위 연락처로 개인정보 열람, 정정, 삭제 및 처리정지 요구 등을 접수하실 수 있습니다.

8. 개인정보 처리의 위탁

회사는 원활한 개인정보 업무처리를 위하여 다음과 같이 개인정보 처리 업무를 위탁하고 있습니다. 회사는 위탁을 받은 수탁업체에서 개인정보를 안전하게 처리하고, 회사의 보유 기간 정책에 따라 보유 및 이용하도록 관리·감독하고 있습니다.

9. 개인정보처리방침의 변경

본 개인정보처리방침은 시행일로부터 적용됩니다. 법령 및 방침 변경에 따른 내용 추가·삭제·정정이 있을 경우, 변경사항 시행 7일 전부터 홈페이지 공지사항을 통해 고지합니다.

10. 권익침해 구제방법

개인정보 침해로 인한 구제를 받기 위하여 아래 기관에 분쟁해결이나 상담을 신청하실 수 있습니다.

1. 개인정보분쟁조정위원회: (국번없이) 1833-6972 (www.kopico.go.kr)
2. 개인정보침해신고센터 (한국인터넷진흥원): (국번없이) 118 (privacy.kisa.or.kr)
3. 대검찰청 사이버수사과: (국번없이) 1301 (www.spo.go.kr)
4. 경찰청 사이버수사국: (국번없이) 182 (ecrm.cyber.go.kr)