STX values users' personal information and comply with "promotion of information network utilization and information protection act" and "personal information protection act."
The following Personal Information Handling Policies are applied to this website (www.stx.co.kr, "the website").
01Collected personal information items
The company collects the following personal information for subscription, counseling and service requests.
Collected information: Name, home telephone number, cell phone number, and email
Collected personal information method: Website (customer’s inquiries, ethical management)
02Collection of personal information and purposes of use
The company uses the user’s collected personal information for the following purposes.
Membership management: Confirmation of the person based on the membership service, complaint processing, delivery of notices, confirmation of age and confirmation of consent of a legal representative if collecting personal information of a child below 14.
Employment: Registration of resident registration number, foreigner registration number, name, address, cell phone number, place of birth and email for online employment as well as notification of the results of processing
Service provision: Use of various contents provided only for the members who have logged in and entry for events
Marketing and advertisement: Delivery of advertisement-like information such as events and delivery of goods for event winners
New service development and specialization, service provision and display of demographic characteristics
Identification of access frequency and statistics about members’ use of services
03Sharing and provision of the collected personal information
The company does not provide the user’s personal information to the outside world in principle. However, the following cases are exceptions.
Users agree in advance
Personal information necessary to implement a contract on service provision where it is significantly difficult to obtain a consent due to economic/technological reasons
When there is a sufficient ground decided to be necessary to open customers’ information to take legal measures to mental and physical damages done to another person
Use of the minimum information of a user (name, address, telephone number) necessary in relation to provision of customer services
In case there is a request by the investigation agency in accordance with the provisions of the Act or according to the procedures and methods prescribed in the Act for investigation purposes
04Period of retaining and using personal information
The company will keep and use personal information of its users for services for (a) period from the date of subscription.
If withdrawal is requested, consent to collection and use of personal information is withdrawn, purposes of collection and use have been achieved and/or term for keeping and use has expired, the personal information will be immediately destroyed.
However, personal information in the application form shall be saved in the company’s HR pool so that the relevant HR pool can use the information for regular employment. If an applicant wants his/her personal information to be deleted, it shall be immediately deleted.
Retention period: Up to 12 months from the date of collection
Destruction: Twice a year
05Procedure and methods of destruction of personal information
In principle, the company destroys personal information without delay once the purposes of collection and use have been achieved. The destruction procedure and methods are as follows.
The information entered by you for membership subscription, if once its purpose of use has been achieved, will be relocated to a separate database (a separate file box as for paper), kept for a certain length of time according to internal policies and other related laws (refer to the period to keep and use) and destroyed.
Personal information stored in an electronic file format is deleted, using a technique that cannot be played electronically.
Personal information printed on paper is either shredded through a shredder or destroyed by incineration.
06The rights and exercise of the user and the legal representative
A user or a legal representative can peruse or revise his/her information or personal information of a child below 14 anytime. He/she can also request for cancelation of subscription. For perusal or revision of personal information of a user or a child below 14, click on ‘Change Personal Information’ (or ‘Revise Member’s Information’, etc.). To cancel subscription (withdrawal of consents), click on ‘Withdraw’, followed by personal identification and direct perusal, correction or withdrawal.
Otherwise, contact the person responsible for protection of personal information in writing or via telephone or email, and there will be an immediate measure.
When user requests correction for a personal information error, information of that year shall not be used or provided before completion of correction. Additionally, if incorrect personal information has already been provided to third parties, the correction results shall be notified to the third party without delay.
The company treats the personal information that is revoked or deleted by the user or legal representative according to "the terms and conditions of the company's personal information collection and utilization", and is not permitted to be accessed or used for other purposes.
07Installation, operation, and rejection of personal information auto collection devices
We do not use a device to collect personal information automatically arising upon using the internet, such as cookies. When cookies are used, purpose of use, installation, operation and/or refusal shall be prescribed.
08Display of personal information and measures
As for a customer who exposes personal information of other persons, the displayed content will be deleted without notification.
09Technological and managerial protective measures for personal information
The company seeks the following technological and managerial measures to secure safety of personal information against loss, theft, leakage, falsification or damage.
Encryption of passwords
The password set up upon your site subscription (application for a job) will be encrypted, stored and managed so only the owner knows it. Confirmation and change of personal information can be conducted only by the owner who knows his/her password.
Countermeasures against hacking
The company does its best to prevent members’ personal information from being disclosed or compromised by hacking or computer viruses.
The materials are regularly backed up to prevent damage of personal information. The most up-to-date vaccine program is used to prevent leakage or damage of users’ personal information or materials. A user’s important personal information (resident registration number, etc.) is encrypted. All personal information are safely encrypted and transferred on the network.
Also, we use firewall to control unauthorized access from an external source. In order to secure system-wide security, we strive to be equipped with all the possible technological devices.
Minimization and education of the person in charge of personal information management
The company’s handling of personal information is limited to responsible persons. For this, separate passwords are given for long-term revision while regular/frequent education for the responsible persons has been conducted. Especially, we emphasize personal information of applicants.
Operation of an organization exclusively used for protection of personal information
Through the organization established exclusively for internal protection of personal information, compliance with the company’s Personal Information Handling Policies and others on the part of the responsible persons is checked. If a problem is found, we strive to amend and correct it immediately. However, the company will not be responsible for a problem that has arisen due to leakage of personal information such as password and resident registration number due to a user’s negligence or internet problems.
10Contact details of Personal Information Security Officer
The company, in order to protect a customer’s personal information and process reports and complaints related to personal information, designates the persons responsible for protection of personal information and the department as follows.
The Manager of Personal Information Security Officer
Name: Seok Kim
Title: Head of Management Support Department
Contract details: +82-2-316-9600
Email : email@example.com
Personal Information Security Department
Department: IT Team
Contact details: +82-2-316-9600
Email : firstname.lastname@example.org
You can report any complaints related to the protection of personal information that arise while you use the company’s service to the personal information security officer or the responsible department. The company will provide as soon as possible sufficient answers to such reports by its users.
If you need to report infringement on personal information or want counseling, please contact the following institutions.
1. The Personal Dispute Mediation Committee (www.1336.or.kr /1336)
2. OPA Privacy (www.eprivacy.or.kr / 02-580-0533~4)
3. Supreme Prosecutors’ Office, Cybercrime Investigation Division (http://icic.sppo.go.kr / 02-3480-3600)
4. Cyber Terror Response Center, Korea National Police Agency (www.ctrc.go.kr / 02-392-0330)
12Duty of notification
The Personal Information Handling Policies have been in force since June 1, 2014. In the event of addition, deletion or revision coming from changes of laws, policies or security technologies, it will be notified on the company’s website notice board seven days prior to the enforcement date of such changes.
Version of the Personal Information Policy: STX_140601_1.0
Enforcement date of the Personal Information Policy: June 1, 2014