Personal Information Processing Policy

<IT1> (http://www.it-1.kr/ > (hereinafter referred to as 'IT1') establishes and discloses a personal information processing policy as follows in order to protect the personal information of the data subject and to promptly and smoothly deal with related grievances pursuant to Article 30 of the Personal Information Protection Act.
○ This privacy policy will take effect on June 1, 2022.
Article 1 (Purpose of Processing Personal Information)
<IT1> (<http://www.it-1.kr/ >) processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following purposes, and if the purpose of use is changed, necessary measures such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act will be implemented.
1. Membership registration and management on the website
Personal information is processed for the purpose of identifying and authenticating oneself according to the confirmation of membership intention and the provision of membership services.
2. the provision of goods or services
We process personal information for the purpose of identity authentication.
Article 2 (Period of Processing and Retention of Personal Information)
① <IT One> processes and retains personal information within the period of retention and use of personal information under the Act or the period of retention and use of personal information agreed upon when collecting personal information from the data subject.
② Each of these personal information processing and retention periods is as follows.
1. <Home page membership registration and management>
Personal information related to <Homepage Membership Registration and Management> is retained and used for the above purpose from the date of consent to collection and use to <1 year>.
Grounds for holding: Terms and conditions of use
Related Acts and subordinate statutes: Records on the collection, processing, and use of credit information: 3 years
Reason for Exception: However, we do not have personal information when withdrawing from the membership.
Article 3 (items of personal information to be processed)
① < IT One> is processing the following privacy items.
1. < Membership registration and management>
Required items: Mobile phone number, gender, date of birth, name, company name
Article 4 (Procedures for Destruction of Personal Information and Method of Destruction)
① <IT One> If personal information becomes unnecessary, such as the expiration of the retention period of personal information or the achievement of the purpose of processing, the relevant personal information will be destroyed without delay.
② If the retention period of personal information agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information needs to be preserved according to other laws and regulations, the personal information is transferred to a separate database (DB) or stored differently.
③ The procedures and methods of destroying personal information are as follows.
1. Reversal procedure
<IT One> selects personal information for which the reason for destruction occurred, and destroys the personal information with the approval of the personal information protection officer of <IT One>.
2. How to destroy
Information in the form of an electronic file uses a technical method that does not allow the recording to be played.
Personal information printed on paper is crushed with a shredder or destroyed through incineration
Article 5 (Measures concerning the Destruction, etc. of Personal Information of Unused Users)
① <Personal Information Handler Name> is destroying the information of users who have not used the service for one year. However, it can be stored and managed separately from other users' personal information until the preservation period prescribed by other laws and regulations has elapsed.
② <Personal Information Handler Name> informs users of the fact that personal information is destroyed 30 days before the destruction of personal information, the expiration date of the period, and the items of destroyed personal information by e-mail or text message.
③ If you don't want to destroy your personal information, you can log in to the service before the expiration of the period.
Article 6 (Matters concerning the rights and obligations of the data subject and legal representative, and the method of exercise thereof)
① The data subject may exercise the right to view, correct, delete, and suspend processing of personal information at any time.
② The exercise of rights pursuant to paragraph 1 may be made to IT1 in writing, e-mail, or copy transmission (FAX) pursuant to Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and IT1 will take action without delay.
③ The exercise of rights under paragraph 1 may be made through an agent, such as a legal representative of the data subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with the attached Form 11 of the "Notification on how to process personal information (No. 2020-7)."
④ The right of the data subject may be restricted in accordance with Articles 35 (4) and 37 (2) of the Personal Information Protection Act to request the suspension of reading and processing of personal information.
⑤ A request for correction and deletion of personal information cannot be requested for deletion if the personal information is specified as the subject of collection in other laws and regulations.
⑥ The IT Institute checks whether the person who made the request for access, correction and deletion, or access when requesting suspension of processing according to the data subject's right is the person or a legitimate agent.
Article 7 (Matters concerning measures to ensure the safety of personal information)
<IT One> is taking the following steps to ensure the safety of personal information.
1. Minimize and train personal information handling staff
We are implementing measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to those in charge.
2. Establishment and implementation of an internal management plan
An internal management plan is established and implemented for the safe processing of personal information.
3. Technical measures against hacking, etc
<IT1> ('IT1') installs security programs, regularly updates and inspects personal information to prevent leakage and damage caused by hacking or computer viruses, installs systems in areas where access is controlled from the outside, and monitors and blocks technically and physically.
4. encryption of personal information
The password of the user's personal information is encrypted, stored and managed, and only you can know it, and important data uses separate security functions such as encrypting files and transmission data or using file lock functions.
5. Restrictions on Access to Personal Information
We take necessary measures to control access to personal information by granting, changing, and canceling access to the database system that processes personal information, and control unauthorized access from outside using an intrusion prevention system.