I Auction (“company” or “I Auction”) places great emphasis on your personal information and abides by the “Act on the Promotion of Information Network Usage and Information Protection”
※ This policy will be effective as of May 1, 2008.
2. The type of personal information collected and collection methods
1. The type of personal information collected and collection methods
A. The type of personal information collected
- The Company collects the following personal information for such purposes as registering members, providing quality customer service, and delivering other various services:
- - User name, user birthday, user gender, user ID, password, security questions and answers, phone number, address, mobile phone number, e-mail address, Cookies, and payment record
B. Data collection methods
- The Company collects personal information using the following means:
- - Website, written forms, fax
3. Purposes for the collection and use of personal information
The Company uses the collected personal information for the following purposes.
A. Billing and collection of fees for the fulfilment of service terms and conditions and the provision of services.
- - Content provision, purchase and payment, delivery of goods, sending invoices, Financial transaction authentication and financial services.
B. Membership management
- - User verification in accordance with the conditions for use of members-only services and the limited user verification, unique visitor identification, prevention of fraud or unauthorized use by members, confirmation of registration, setting limits on registration and the frequency of registrations, confirmation of legal guardians’ consent when collecting the personal information of minors under 14 years of age, confirmation of the legal guardians’ identities, retention of records for dispute mediation, handling of grievances such as complaints, and delivery of notices
C. Development and marketing of new services
- - Offer of event and advertising information, identifying the frequency of return visits and statistics on the service usage of members
4. Disclosure and provision of personal information
The Company limits the use of the personal information collected from users to the purposes specified in “3. Purposes for the collection and use of personal information” and will not use personal information for any other purposes or disclose the information to any third party without the user’s consent. However, exceptions may exist in the following circumstances:
- - The information has already been made publicly available by users
- - Disclosure of the information is required by law, e.g., when a government or investigative agency requests disclosure in accordance with the procedures outlined in applicable legislation)
5. Retention and usage period for personal information
The Company will immediately destroy the personal information collected when the purpose for which that information was collected is no longer being served. However, the Company will retain the personal information for the period necessary to fulfil the following purposes:
A. Retention of the information is required by the Company’s internal policies
- - Purpose of retaining logs of abnormal usage: Prevention of fraud or abnormal activity
- - Retention period: 1 year
B. Retention of the information is required by law
If retention of personal information is required by applicable legislation such as the Commercial Code and the Act on the Consumer Protection in Electronic Commerce, the Company may retain that information for the period specified in the applicable law. The information thus being retained by the Company will only be used to fulfil the purposes for which it is retained for the respective periods below:
- Retention items : Payment record
Preservation evidence : Purpose of retaining history of contract or subscription cancellations Retention period: 3 years
- Purpose of retaining history of contract or subscription cancellations: (The Act on the Consumer Protection in Electronic Commerce)
Retention period: 5 years
- Purpose of retaining history of payments and supply of goods:
(The Act on the Consumer Protection in Electronic Commerce) Retention period: 5 years
- Purpose of retaining history of consumer complaints or settled disputes:
(The Act on the Consumer Protection in Electronic Commerce) Retention period: 3 years
6. Procedure and method for destruction of personal information
The Company ensures that all personal information is destroyed as soon as the purpose for which that information was collected is no longer being served.
Personal information is destroyed through the following procedure and methods:
A. Destruction procedure
- - The information which users provide when register will be transferred and stored in a separate database (or a separate file if the information is given in paper format) as soon as the original purpose is no longer being served by retention of the information. That information will then be stored for privacy protection for the period specified in the Company’s internal policy or in applicable legislation (see “Retention and use periods”).
- - The personal information stored will never be used for any other purposes, except as required by law.
B. Destruction methods
- - Personal information printed on paper will be destroyed by way of shredding or burning.
- - Personal information stored on electronic files will be deleted using a technical method ensuring that the information cannot be reproduced.
7. Rights of users and their guardians, and way to exercise those rights
- - Users and their guardians may access and change the personal information they provided during registration at any time and may deactivate or delete their account at any time.
- - Users, or minors under 14 years of age, may access or change their personal information by clicking “Update Personal Information” or “Edit Account Settings.” To deactivate your account (or revoke permission), click “Deactivate Account.” Following the verification process, you can directly access, correct, or deactivate your account.
- - Otherwise, contact our Chief Privacy Officer via mail, phone, or e-mail, and the Company will respond promptly to your inquiry.
- - If a user requests correction of errors in their personal information, that information will not be used or made available during the year until the correction has been made. If incorrect personal information has already been given to a third party, the Company will promptly inform that third party of the results of correction as soon as the correction has been made.
- - The Company disposes of any personal information which a user or their guardian requests to be deleted in accordance with “5. Procedure and method for the destruction of personal information” and ensures that the information will not be accessed or used for any other purpose.
8. Enabling and disabling automatic data collection tools
A. Purposes of using cookies
- Cookies help the Company provide users with optimized information by analyzing visits and the usage of services provided on the I AUCTION website and other websites, identifying popular search words, determining the use of secure connections, and measuring the number of visitors.
B. Enabling and disabling cookies
- - Users can choose whether to allow or block cookies. By using the Options on their browser, users can enable all cookies, allow cookies to be stored after verification, or reject all cookies.
- - To reject cookies, users can enable all cookies, allow cookies to be stored after verification, or reject all cookies using the Options on their browser.
- - Example of settings (in Internet Explorer): The Tools at top of the browser Internet options Privacy tab
- -In case of refusing to store cookies, users may experience difficulty using some of the services provided by I AUCTION that require log-in.
9. Technical and administrative safeguards to protect personal information
In handling the personal information of its users, the Company seeks to maintain the following technical and administrative safeguards to ensure the security of personal information and protect it against loss, theft, breach, modification or damage.
A. Encryption of passwords
I AUCTION uses encryption to store and maintain members’ user names and passwords in such a way that only users can access their own usernames and passwords. Personal information can be accessed or changed only by those who know the password to access the account.
B. Protecting against hackers or cyberattacks.
The Company is committed to protecting members’ personal information against breaches or damage resulting from hacking or viruses.
The Company protects personal data against damage through regular back-ups and uses the latest versions of vaccines to prevent data breaches or damage. Furthermore, the Company ensures that personal information is securely transferred over a network through an encrypted communication.
Moreover, the Company utilizes an invasion prevention system to control unauthorized access and seeks to put in place as many technical safeguards as possible to ensure the security of all systems.
C. Training and limiting personnel handling personal information to minimum
D. Operating a mechanism dedicated to privacy (privacy team)
However, the Company is exclusively not responsible for data breaches resulting from careless handling of a username or password on the user’s part or problems on the Internet.
10. Contact Information for our Chief Privacy Officer and responsible officers
You may report any incident related to privacy arising out of your use of the Company’s services to our Chief Privacy Officer (CPO) or responsible officer/department.
The Company strives to respond promptly and adequately to users’ reports.
Chief Privacy Officer and Responsible Privacy Officer
- Name: Gyun-pa, Kong
- Organization: I AUCTION CO., LTD.
- Phone: 02)733-6430
- E-mail: email@example.com
- Title Director Name : GM Gyunpa,Kong
- E-mail: firstname.lastname@example.org
If you want to report an incident of privacy invasion or have any inquiries, please contact the organizations below:
- ① Personal Information Dispute Mediation Committee ( www.1336.or.kr / 1336)
- ② Personal Information Protection Mark Accreditation Committee ( www.eprivacy.or.kr / 02-580-0533~4)
- ③ Internet Crime Investigation Center, Supreme Prosecutors' Officer ( http://icic.sppo.go.kr / 02-3480-3600)
- ④ Cyber Terror Response Center, National Police Agency ( www.ctrc.go.kr / 02-392-0330)
12. Duty to Notify