In accordance with Article 30 of Personal Information Protection Act, i-FACTORY shall establish and publish the guidelines of processing personal information as follows to protect the personal information of an information provider (customers) and to process related grievances quickly and efficiently.
1. Purpose of Processing Personal Information: i-FACTORY shall process personal information for the following purposes and shall not be allowed to use this information for purposes other than the following.
- Self-identification and authentication to provide services to customers, payment for goods and services supplied, supply and delivery of goods or services, etc.
2. Processing and Retention Period of Personal Information
(1) i-FACTORY shall process and retain personal information within a period of retention and use of personal information agreed upon when collecting personal information from an information provider or the period of retention and use of personal information stipulated in laws and regulations.
(2) The period of processing and retaining specific personal information shall be as follows.
- Records of supply, including contract and subscription cancellation, payment, goods supply in e-commerce: 5 years
3. Provision of Personal Information to Third Parties i-FACTORY shall not provide any personal information to third parties except for cases falling under Article 17 of the Personal Information Protection Act, such as the separate consent of an information provider, special provisions of the law, etc.
4. Rights/Duties of Data Providers and How to Exercise Them An information provider may exercise the following rights related to protection of personal information at any time.
1) Request to read personal information
2) Request to correct errors in personal information, etc.
3) Request to delete
4) Request to stop processing
5. Items of personal information to be processed: i-FACTORY processes the following personal information items:
- Name, date of birth, address, phone number, mobile phone number, gender, email address, payment information such as credit card number and bank account number, etc.
6. Destruction of Personal Information
(1) i-FACTORY shall remove any personal information without delay when such personal information becomes unnecessary, including the retention period of personal information that has elapsed or the purpose of processing that has been fulfilled.
(2) i-FACTORY shall dispose of personal information in the following ways.
- Electronic files: Delete files and format storage media such as disks
- Written documents: Destroy or incinerate the written documents
7. Measures for Safety of Personal Information: i-FACTORY shall take the following measures to ensure the safety of personal information.
- Administrative measures: Establishment and implementation of internal management plans and provision of regular training for employees, etc.
- Technical measures: Management of access rights such as password setting of the personal information processing system (or the computer where personal information is stored), installation of security programs such as vaccine software, encryption of files in which personal information is stored
- Physical measures: Locks shall be used in the place where personal information is saved or stored, access control, etc.
8. Person in Charge of Personal Information Protection i-FACTORY shall be responsible for overall personal information processing and designate a person in charge of protecting personal information as follows to handle complaints from information providers and provide damage relief to them in relation to personal information processing.