privacy policy
privacy policy
Article 1 (Purpose)
Dodlab, Inc. (hereinafter referred to as the “Company”) collects information (hereinafter referred to as “personal information”) of individuals (hereinafter referred to as “users” or “individuals”) who use the services (hereinafter referred to as “company services”) that the company seeks to provide. '), we comply with related laws such as the Personal Information Protection Act and the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (hereinafter referred to as the 'Information and Communications Network Act'), and promptly and smoothly handle service users' grievances related to personal information protection. In order to do so, we establish a personal information processing policy (hereinafter referred to as “this policy”) as follows.
Article 2 (Principles of personal information processing)
In accordance with personal information-related laws and this policy, the company may collect users' personal information, and the collected personal information may be provided to third parties only with the individual's consent. However, if legally enforced by laws, regulations, etc., the company may provide the collected user's personal information to a third party without the individual's prior consent.
Article 3 (Disclosure of this policy)
- The company discloses this policy through the first screen of the company website or a link to the first screen so that users can easily check this policy at any time.
- When the company discloses this policy in accordance with Paragraph 1, it uses font size, color, etc. to allow users to easily check this policy.
Article 4 (Changes to this policy)
- This policy may be revised in accordance with changes in personal information-related laws, guidelines, notices, or policies or contents of government or company services.
- If the company revises this policy in accordance with Paragraph 1, it will announce it in one or more of the following ways.
- a. A method of making announcements through the notice section on the first screen of the company's Internet homepage or through a separate window.
- b. Method of notifying users in writing, facsimile, e-mail, or similar methods
- The company will announce the notice in Paragraph 2 at least 7 days prior to the effective date of the revision to this policy. However, if there are significant changes to user rights, notice will be provided at least 30 days in advance.
Article 5 (Information for membership registration)
The company collects the following information to enable users to register for the company's services.
- Required information collected: email address, password and name
- Optional information collected: Mobile phone number
Article 6 (Information for providing company services)
The company collects the following information to provide the company's services to users.
- Required collected information: ID and email address
Article 7 (Personal Information Collection Method)
The company collects users’ personal information in the following ways.
- How users enter their personal information on the company’s website
- A method in which users enter their personal information through services other than the website provided by the company, such as applications.
Article 8 (Use of Personal Information)
The company uses personal information in the following cases.
- When necessary for company operation, such as delivery of notices
- To improve services for users, such as responding to usage inquiries and handling complaints
- To provide the company’s services
- To ensure smooth operation of the service, including restrictions on use and fraudulent use of members who violate laws and company terms and conditions.
Article 9 (Retention and use period of personal information)
- The company retains and uses personal information of users for the period to achieve the purpose of collection and use of personal information.
- Notwithstanding the preceding paragraph, in accordance with the company's internal policy, records of illegal service use are kept for up to one year from the time of membership withdrawal to prevent illegal registration and use.
Article 10 (Retention and use period of personal information in accordance with laws)
The company retains and uses personal information as follows in accordance with relevant laws and regulations.
- Information and retention period in accordance with the Act on Consumer Protection in Electronic Commerce, etc.
- a. Records on contracts or subscription withdrawals, etc.: 5 years
- b. Records of payment and supply of goods, etc.: 5 years
- c. Records of consumer complaints or dispute resolution: 3 years
- d. Records of labeling and advertising: 6 months
- Information retained and retention period according to the Communications Secrets Protection Act
- a. Website log record data: 3 months
- Information and retention period according to the Electronic Financial Transactions Act
- a. Records of electronic financial transactions: 5 years
- Act on the protection and use of location information, etc.
- a. Records of personal location information: 6 months
Article 11 (Principle of destruction of personal information)
In principle, when personal information is no longer needed, such as when the purpose of processing a user's personal information has been achieved or when the retention/use period has expired, the company destroys the information without delay.
Article 12 (Personal Information Destruction Procedure)
- The information entered by the user for membership registration, etc. is transferred to a separate DB (in the case of paper, a separate filing cabinet) after the purpose of personal information processing is achieved and stored (retention and retention) in accordance with the internal policy and other relevant laws and regulations. (See period of use) It is stored for a certain period of time and then destroyed.
- The company destroys personal information for which there is a reason for destruction through the approval process of the personal information protection manager.
Article 13 (Method of destroying personal information)
The company deletes personal information stored in electronic file format using technical methods that render the record unrecoverable, and personal information printed on paper is destroyed by shredding or incineration.
Article 14 (Measures to transmit advertising information)
- When transmitting advertising information for commercial purposes using electronic transmission media, the company obtains the user's explicit prior consent. However, prior consent will not be obtained in any of the following cases.
- a. If the company collects contact information directly from the recipient through a transaction relationship for goods, etc., if the company intends to transmit for-profit advertising information about goods of the same type as those processed and transacted with the recipient within 6 months from the end of the transaction.
- b. When a telephone solicitation seller pursuant to the Act on Door-to-Door Sales, etc. informs the recipient of the source of personal information collection and makes a telephone solicitation.
- Notwithstanding the preceding paragraph, if the recipient expresses an intention to refuse receipt or withdraws prior consent, the Company will not transmit advertising information for commercial purposes and will notify the recipient of the processing results for refusal to receive information or withdrawal of consent.
- Notwithstanding Paragraph 1, if the Company transmits advertising information for commercial purposes using electronic transmission media between 9:00 PM and 8:00 AM the next day, separate prior consent is obtained from the recipient.
- When transmitting advertising information for commercial purposes using electronic transmission media, the company specifically discloses the following information in the advertising information.
- a. Company name and contact information
- b. Indication of matters regarding refusal to receive or withdrawal of consent to receive.
- When transmitting advertising information for commercial purposes using electronic transmission media, the Company will not take any of the following measures.
- a. Measures to avoid or prevent recipients of advertising information from opting out of receiving it or withdrawing their consent to receive it.
- b. A measure to automatically create the recipient's contact information, such as a phone number or e-mail address, by combining numbers, symbols, or letters
- c. Measures to automatically register phone numbers or e-mail addresses for the purpose of transmitting commercial advertising information
- d. Various measures to hide the identity of the transmitter of advertising information or the source of advertisement transmission
- e. Various measures to induce a response by deceiving recipients for the purpose of transmitting advertising information for commercial purposes
Article 15 (Withdrawal of personal information inquiry and collection consent)
- Users and their legal representatives can view or modify their registered personal information at any time and request withdrawal of consent to personal information collection.
- Users and their legal representatives may withdraw their consent to the collection of their subscription information, etc. by contacting the personal information protection manager or person in charge in writing, by phone, or by e-mail, and the company will take action without delay.
Article 16 (Change of personal information, etc.)
- Users can request the company to correct errors in their personal information through the methods described earlier.
- In the event of the above, the company will not use or provide the personal information until the correction is completed. If incorrect personal information has been provided to a third party, the company will promptly inform the third party of the correction and ensure that the correction is implemented.
Article 17 (User Obligations)
- Users must keep their personal information current and are responsible for any issues arising from the submission of inaccurate information.
- Membership registration using someone else's personal information may lead to the loss of user status or legal penalties under relevant personal information protection laws.
- Users are responsible for securing their email address, password, etc., and should not transfer or lend them to a third party.
Article 18 (Company’s personal information management)
- In processing users' personal information, the company implements necessary technical and managerial protection measures to secure personal information against loss, theft, leakage, alteration, or damage.
Article 19 (Processing of Deleted Information)
- The company handles personal information that has been canceled or deleted at the request of the user or their legal representative in accordance with the “Retention and Use Period of Personal Information” policy. The information is processed to ensure it cannot be viewed or used for any other purposes.
Article 20 (Encryption of password)
- The user's password is stored and managed through one-way encryption. Personal information can only be confirmed or changed by the individual who knows the password.
Article 21 (Measures against hacking, etc.)
- The company is committed to rigorously safeguarding users’ personal information from leaks or damage due to intrusions into the information and communication networks, such as hacking and computer viruses.
- The company employs the most up-to-date anti-virus programs to protect users’ personal information and data from being leaked or damaged..
- The company is diligently working to ensure security by using an intrusion prevention system in preparation for any unforeseen events.
- The company ensures the secure transmission of sensitive personal information on the network (if it is collected and retained) through encrypted communication and other methods.
Article 22 (Minimization of Personal Information Processing and Training)
- The company limits the number of personnel involved in personal information processing to a minimum and emphasizes compliance with laws and internal policies through managerial measures such as training for personal information processors.
Article 23 (Measures for Personal Information Breach)
- Upon becoming aware of a loss, theft, or leak of personal information (hereinafter referred to as "leak, etc."), the company will immediately notify the affected users of all the following matters and report to the Korea Communications Commission or the Korea Internet & Security Agency:
- a. The categories of personal information that were subject to the leak, etc.
- b. The time when the leak, etc., occurred.
- c. Measures that users can take.
- d. The response actions taken by the information and communications service provider.
- e. The department and contact information where users can file inquiries or receive consultation.
Article 24 (Exceptions to Measures for Personal Information Breach)
- Notwithstanding the previous article, if the company is unable to contact the user or for other valid reasons, it may replace the notification required by the previous article with a posting on the company's website for at least 30 days.
Article 25 (Installation and Operation of Automatic Personal Information Collection Devices, and the Right to Refuse)
- To provide individualized services to users, the company uses automatic personal information collection devices ('cookies'). Cookies are small pieces of information sent by the website server (http) to users' web browsers (including PCs and mobile devices) and may be stored on users' storage spaces.
- Users have the choice to accept or refuse the installation of cookies. Therefore, users can allow all cookies, go through confirmation each time a cookie is stored, or refuse all cookies by setting options in their web browsers.
- However, refusing the storage of cookies may result in difficulties using some of the services provided by the company that require login.
Article 26 (Method to Allow Cookie Installation)
- Users can manage settings such as allowing or blocking cookies through the options in their web browsers.
- Edge: Click on the top right settings menu > Cookies and site permissions > Manage and delete cookies and site data.
- Chrome: Click on the top right settings menu > Privacy and security > Cookies and other site data.
- Whale: Click on the top right settings menu > Privacy protection > Cookies and other site data.
Article 27 (Appointment of Personal Information Protection Officer)
- The company has appointed a Personal Information Protection Officer and related department to protect users' personal information and handle complaints related to personal information as follows:
- Personal Information Protection Officer
- Name: Heo eun-ho
- Position: Chief Privacy Officer
- Phone number: 070-4335-4111
- Email: dev@dodlab.kr
Article 28 (Remedies for Infringement of Rights)
- Data subjects can apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Report Center at the Korea Internet & Security Agency, etc., for redress of personal information infringement. For other reports and consultations on personal information infringement, please contact the following organizations:
- Personal Information Dispute Mediation Committee: 1833-6972 (without area code) (www.kopico.go.kr)
- Personal Information Infringement Report Center: 118 (without area code) (privacy.kisa.or.kr)
- Supreme Prosecutors' Office: 1301 (without area code) (www.spo.go.kr)
- Korean National Police Agency: 182 (without area code) (ecrm.cyber.go.kr)
- The company is committed to ensuring the self-determination rights of information subjects and works to provide consultation and remedy for personal information infringement. If reporting or consultation is needed, please contact the department mentioned in paragraph 1.
- In cases where a decision or inaction by the head of a public institution infringes rights or interests under Articles 35 (Access to Personal Information), 36 (Correction and Deletion of Personal Information), and 37 (Suspension of Personal Information Processing) of the Personal Information Protection Act, the affected party may request administrative review as prescribed by the Administrative Appeals Act.
- Central Administrative Appeals Commission: 110 (without area code) (www.simpan.go.kr)
Addendum
- This policy is effective from December 19, 2023.