Personal
Information Processing Policy
Cyram Inc. ('www.netminer.com'; 'NetMiner')
seeks to protect the personal information of information subjects in accordance
with Article 30 of the “Personal Information Protection Act” and to process related
complaints in a prompt and amicable manner, and to this end, has established
and disclosed the Personal Information Processing Policy as follows.
| Article 1.
Purpose of Personal Information Processing Article 2.
Personal Information Processing and Retention Period Article 3.
Consignment of the Personal Information Processing Article 4. Procedures
and Method of the Destruction of Personal Information Article 5.
Measures Concerning the Destruction of Personal Information of Long Term
Non-Users Article 6. Rights and Obligations of Information
Subjects and Legal Representatives & How to Exercise Them | Article 7.
Measures to Secure Safety of Personal Information Article 8.
Matters Concerning the Installation, Operation, and Refusal of and Automatic
Personal Information Collection Device Article 9.
Personal Information Protection Supervisor and the Personal Information Review
Request Article 10.
Remedies for the Infringement of Rights and Interests |
This Personal Information
Processing Policy is effective as of 4 30, 2024.
Article 1. Purpose of Personal
Information Processing
Cyram Inc. ('www.netminer.com';
hereinafter, 'NetMiner') processes personal information for the following
purposes. The personal information processed will not be used for any purposes
other than the following, and if the purposes of use are changed, necessary
measures will be taken, such as acquiring a separate consent in accordance with
Article 18 of the “Personal Information Protection Act”.
①
Website user registration and
management
Personal
information is processed for the purposes of confirming the user's intention to
sign up, identifying and authenticating him or herself according to the
provision of user services, maintaining and managing user qualifications,
preventing the illegal use of services, and for various notification purposes.
②
Provision of goods or services
Personal
information is processed for the purposes of providing services, sending
estimates, contracts, and invoices, providing contents, providing customized
services, self-certification, receipt authentication, bill payment and settlement,
and debt collection, etc.
③
Use for marketing and
advertising
Personal
information is processed for the purposes of developing new services (products)
and providing customized services, providing event-related and advertising
information and opportunities to participate, checking the effectiveness of
services, identifying access frequencies, or the statistics on the users’ use
of service.
Article 2. Personal Information
Processing and Retention Period
①
Cyram Inc. processes and
retains the personal information within the period of retention and use of the
personal information according to the laws and regulations or within the period
of retention and use of the personal information agreed upon when the personal
information is collected from the information subject.
②
Each personal information
processing item and retention period are as follows. When the purposes of
collecting and using the personal information have been achieved, it will be
destroyed without delay, yet in any of the following cases, it may be kept for
a specified period and not used for any other purposes. The following minimum
personal information is collected through the website, and additional personal
information is collected during the consultation and inquiry (phone, fax, and
website) and use of paid license.
Classification | Service | Purpose of Collection | Processed Item | Period of Retention and Use |
Member | Website user registration and management | Confirmation of the intention to sign up for membership, identification of users and prevention of duplicated subscriptions, delivery of notices | Mandatory: ID, name, email, password, company name, and country Optional: whether user consented to receive marketing information | Destroyed immediately upon withdrawal from membership and termination of the service contract / withdrawal from membership (However, information stored separately for the period provided by related laws and regulations is excluded.) |
| Confirmation of paid license subjects (Status authentication) | Mandatory: Name, whether student / school lecturer, institution of affiliation(name of school), department /academic department, name of country, email | |||
| Provision of goods or services | Paid license quotation inquiries and requests | Mandatory: Name, phone number, email, institution of affiliation Optional: department / academic department | ||
| Application for the Academic Coursework License | Mandatory: Name, name of country, name of school(institution of affiliation), name of academic department, email | |||
| Paid license upgrade inquiries | Mandatory: Name, email, institution of affiliation, department / academic department, position / rank, phone number | |||
| Receipt and processing of customer inquiries, check for errors | Mandatory: Name, institution of affiliation, department / academic department, phone number, position | |||
| Use for marketing and advertising | Use for marketing and advertising | Mandatory: email | ||
| Non-member | Provision of goods or | Paid license quotation inquiries and requests | Mandatory: Name, phone number, email, institution of affiliation, department / academic department | |
| Receipt and processing of customer inquiries, check for errors | Mandatory: Name, institution of affiliation, department / academic department, phone number, position |
Additionally, the following personal
information items may be automatically generated and collected in the course of
using the Internet service.
Service | Processed Item | Period of Retention and Use |
Record of service usage | IP address, cookie, MAC address, service use record, visit record, and error record, etc. | 3 months |
③
The personal information items
and periods retained by the company in accordance with related laws and
regulations are as follows.
1. Website membership registration
and management: Until withdrawal from the business and organization website
However, in any of the following circumstances, it shall be retained until the
end of the reason or cause.
1) Where an
investigation or survey is in progress due to a violation of related laws and
regulations, until the investigation or survey is completed.
2) In the
event that receivables and payables remain due to the use of the website, until
the settlement of the relevant receivables and payables is completed.
2. Provision of goods or services:
Until the supply of goods and services is completed, and the payment and
settlement are completed.
However, for
any of the following, until the end of the relevant period.
1) For records
on transactions, such as labeling and advertisement, contract details and
execution, etc., in accordance with the “Act on the Consumer Protection in
Electronic Commerce”
- Records on labeling
and advertisement: 6 months
- Records of
contract or withdrawal of subscription, payment, supply of goods, etc.: 5 years
- Records on
consumer complaints or dispute handling: 3 years
2) Retention
of communication confirmation data in accordance with the “Protection of
Communications Secrets Act”
- Records on service
visits (computer communication, internet log records, and access tracking
data): 3 months
④
Personal information processing
of long-term non-users (inactive users)
According to
the ‘personal information validity period system’, if there is no log-in record
for over one year, the user account will be converted to an inactive account
and personal information will be stored separately. 30 days prior to the
transition to inactivity, the users will be notified via email of the expected
date of transition to inactivity, and how to process the information.
In accordance with the Personal Information Protection Act of September 15, 2023 (Article 39.6 Abolition of the Expiration Date of Personal Information), accounts of users who have not logged in for more than one year will not be automatically converted to dormant accounts and will not be kept separately.
Article 3. Consignment of the Personal
Information Processing
①
Cyram Inc. consigns the
following personal information processing tasks to external professional
companies to facilitate the personal information processing.
Person
Consigned (Consignee) | Consigned Work | Period of Retention and Use |
PayPal Holdings, Inc. | Payment processing (credit card, payment method, | Until the end of the statutory |
②
Cyram Inc. specifies in its documents
such as contracts any matters concerning responsibility for the prohibition of
handling personal information for any purposes other than the purposes of
consignment, technical and managerial protection measures, restriction of re-consignment,
management and supervision of consignees, compensation for damages, etc., and
supervises whether the consignee processes the personal information safely.
③
Cyram Inc. will disclose without
any delay through this Personal Information Processing Policy if any of the
contents of the consigned business or the consignee are changed.
Article 4. Procedures and Methods of Personal
Information Destruction
①
Cyram Inc. destroys the
personal information without delay once the personal information becomes
unnecessary, such as when the personal information retention period has elapsed
and after the achievement of the purposes of processing.
②
If the personal information
must be retained in accordance with other laws and regulations beyond the
personal information retention period agreed upon by the information subject or
the achievement of the purposes of processing, the relevant personal
information will be moved to a separate database (DB) or otherwise stored in a
storage location.
③
The procedure and method of
destroying the personal information are as follows.
1. Destruction procedure
Cyram Inc. selects the personal information for which a cause or reason
for its destruction has occurred and destroys the personal information with the
approval of Cyram Inc.'s personal information protection supervisor.
2. Destruction method
Personal information printed on paper will be shredded using a
shredder or destroyed by incineration, while personal information in the form
of electronic files will be destroyed using a technical method that prevents
its recovery.
Article 5. Measures Concerning the
Destruction of Personal Information of Long-Term Non-Users
①
Cyram Inc. destroys the
information of the users who have not used the service for one year. However, such
information may be stored and managed separately from the other users' personal
information until the retention period prescribed by other laws and regulations
has elapsed.
②
Cyram Inc. notifies users by email
of the fact that the personal information will be destroyed, the expiration
date of the period, and the items of personal information to be destroyed up to
30 days before the destruction of the personal information.
③
If you do not want to have your
personal information destroyed, you can log in to the service before the period
expires.
Article 6. Rights and Obligations of
Information Subject and Legal Representative & How to Exercise Them
①
The information subject may
exercise the right to review, correct, delete, or suspend the processing of the
personal information retained by Cyram Inc. at any time.
②
The user’s exercise of his or
her rights pursuant to Paragraph 1 may be done in writing, email, fax, etc. in
accordance with Article 41 Paragraph 1 of the Enforcement Decree of the
“Personal Information Protection Act,” and Cyram Inc. will take action without
delay.
③
The rights pursuant to
Paragraph 1 may be exercised through a proxy, such as the legal representative
of the information subject or a person who has been delegated. In this case, one
must submit a power of attorney in accordance with Annex No. 11 of the “Public
Notice on Personal Information Processing Method (No. 2020-7).”
④
Any demand for access to or suspension
of processing of the personal information may be made that restricts the rights
of the information subject according to Article 35 Paragraph 4 and Article 37
Paragraph 2 of the “Personal Information Protection Act.”
⑤
No demand for correction or deletion
of the personal information can be made if the personal information is
specified as subject to collection under other laws and regulations.
⑥
Cyram Inc. will verify whether
the person who made the demand, such as a demand for review, a demand for
correction or deletion, or a demand for suspension of processing according to
the right of the information subject, is the person him or herself or a
legitimate proxy.
⑦
Users can access their personal
information from [My Page] menu at any time, and review, correct or delete the
information.
⑧
If the user no longer intends
to use the company's service, he or she may terminate the use of the service
through [Delete account].
Article 7. Measures to Secure Safety of
Personal Information
①
Cyram Inc. takes the following
measures to ensure the safety of the personal information.
1.
Minimization the number of the employees handling personal information, and
proper training
NetMiner implements measures to manage the personal information by
designating the employees who process personal information and limiting them to
those in charge.
2. Technical measures against hacking, etc.
Cyram Inc. installs a security program to prevent leakage and damage
of the personal information due to hacking or computer viruses, regularly
updates and inspects it, installs the system in an area where access from
outside is controlled, and technically and physically monitors and blocks it.
3. Encryption of the personal information
The user's personal information is stored and managed with the
password encrypted to ensure that only the user can know about it, and for the
important data, separate security functions are used, such as by encrypting
files and transmission data or using a file lock function.
4. Storage of access records and the prevention of forgery
Records of access to the personal information processing system are
kept and managed for at least six months, and security functions are used to
prevent forgery, alteration, theft, and any loss of access records.
5. Restriction of access to the personal information
NetMiner takes the necessary measures to control access to the personal
information by granting, changing, or canceling access rights to the database
system that processes the personal information, and also controls any unauthorized
access from the outside by using an intrusion prevention system.
Article 8. Matters Concerning the
Installation, Operation, and Refusal of an Automatic Personal Information
Collection Device
①
Cyram Inc. uses ‘cookies’ that
store usage information and retrieves it from time to time to provide the personalized
services to the users.
②
Cookies are small files that
the server (http) used to operate the website sends to the user's computer
browser, and are also stored on the hard disk of the user's PC.
1. Purpose of
using cookies: To provide optimized information to users by identifying the
types of visits and usage of each service and website visited by the user,
popular search keywords, and security access, etc.
2.
Installation and operation and rejection of cookies: You can refuse to save the
cookies by setting options in “Tools > Internet Options > Personal
Information” menus at the top of the web browser.
3. If you
refuse to save cookies, you may experience difficulties in using the customized
services.
Article 9. Personal Information
Protection Supervisor and the Personal Information Review Request
①
Cyram Inc. is responsible for
overseeing the personal information processing, and has designated a Personal
Information Protection Supervisor as follows to process the complaints and
damage relief of the information subjects related to the personal information
processing.
②
The information subject may claim
the right to review the personal information in accordance with Article 35 of
the “Personal Information Protection Act” to the department below. Cyram Inc.
will endeavor to promptly process personal information review claims for the information
subjects.
Classification | Person in Charge | Contact |
| Personal information protection supervisor | Name: Ghim Ghi Hoon Position: Chief executive officer | Phone: (+82) 1660-4230 Email: netminer@cyram.com |
| Department in charge of personal information protection | Name of department: Support Part Person in charge: Park Jae-young | Phone: (+82) 1660-4230 Email: netminer@cyram.com |
| Personal information review claim | Name of department: Support Part Person in charge: Park Jae-young | Phone: (+82) 1660-4230 Email: netminer@cyram.com |
③
The information subject may direct
all inquiries related to personal information protection, complaint handling,
relief for damage, etc. that occurred while using Cyram Inc.'s service (or
business) to the personal information protection supervisor and the department
in charge. Cyram Inc. will respond to and process inquiries of the information
subject without any delay.
Article 10. Remedies for the
Infringement of Rights and Interests
①
The information subject may
apply for dispute resolution or consultation to the Personal Information
Dispute Mediation Committee and the Personal Information Infringement Report
Center of the Korea Internet & Security Agency in order to receive relief for
any personal information infringement. Additionally, the information subject
may contact the following organizations for reporting on or consulting for any
other personal information infringements.
1. Personal
Information Dispute Mediation Committee: (no area code) 1833-6972
(www.kopico.go.kr)
2. Personal Information
Infringement Report Center: (no area code) 118 (privacy.kisa.or.kr)
3. Supreme
Prosecutors' Office: (no area code) 1301 (www.spo.go.kr)
4. National
Police Agency: (no area code) 182 (cyberbureau.police.go.kr)
②
For any demand pursuant to the
provisions of Article 35 (Inspection of Personal information), Article 36
(Correction and Deletion of Personal Information), and Article 37 (Suspension,
Etc., from Managing Personal Information) of the “Personal Information
Protection Act”, a person whose rights or interests have been infringed upon
due to a disposition or omission made by the head of a public institution may make
an administrative appeal in accordance with the provisions of the
Administrative Appeals Act.
‣ Central Administrative Appeals Commission: (no area code) 110
(www.simpan.go.kr)
* Please refer to the website of the Central Administrative Appeals
Commission (www.simpan.go.kr) for the details on administrative appeals.
Article 11. Changes to the Personal
Information Processing Policy
①
This
Personal Information Processing Policy is effective as of 4 30, 2024.
②
The previous Personal
Information Processing Policy may be found below.