Personal Information Protection Policy

  • HOME
  • Personal Information Protection Policy
  • Personal Information Protection Policy

Personal Information Protection Policy

To protect the personal information and rights of users according to the Personal Information Protection Act, and efficiently solve the problems of users related to personal information, <Iris Infotech> has the following policy in place. if <Iris Infotech> revises the Privacy Policy, it will notify it through website announcements (or individual notification).
* This policy will go into effect on May 7, 2019.
  1. Purpose of personal information processing Irisinfotech(http://www.irisinfotech.co.kr/ 'Irisinfotech')processes personal information for the following purposes. Processed personal information will not be used for any purpose other than the following, and if the purposes of using personal information are changed, prior consent will be obtained.
    • Provision of goods or service: Personal information is processed for the purpose of providing services, sending bills.
  2. Current status of personal information files
    • Personal information file name: Privacy Policy
    • Personal information items: e-mail, cell phone numbers, names, company phone numbers, position, department, company name
    • Collection method: Official website
    • Grounds for retention: Inquiries about products and estimates
    • Retention period: 3 years
    • Related laws: Records about the collection/processing and use of credit information-3 years, records about contracts or withdrawal of offers-5 years
  3. Personal information processing and retention period
    1. Irisinfotech processes and retains personal information during the personal information retention and usage period according to laws, or the personal information retention and use period which information subjects consented to during collection of personal information.
    2. Each personal information processing and retention period is as follows
      • Provision of goods or services: Personal information related to the provision of goods or services will be retained and used for the above purposes for up to <3 years> from the date on which consent to collection and use was obtained.
        - Grounds for retention: Inquiries about products and estimates
        - Related laws: Records about the collection/processing and use of credit information-3 years, records about contracts or withdrawal of offers-5 years
      • Personal information items: e-mail, cell phone numbers, names, company phone numbers, position, department, company name
      • Collection method: Official website
      • Grounds for retention: Inquiries about products and estimates
      • Retention period: 3 years
      • Related laws: Records about the collection/processing and use of credit information-3 years, records about contracts or withdrawal of offers-5 years
  4. Matters concerning the provision of personal information to a third party
    1. Irisinfotech provides personal information to third parties only according to Articles 17 and 18 of the Personal Information Protection Act, e.g. the information subject’s consent and special provisions of the law.
    2. Iris Infotech provides the following personal information to third parties.
      • The recipients of personal information: Irisinfotech, HPE, Neodigm
      • Recipients’ purposes of using personal information: e-mail, cell phone numbers, names, company phone numbers, position, department, company name
      • Recipients’ retention and use period: 3 years
  5. Outsourcing of personal information processing
    1. Irisinfotech is outsourcing the following personal information processing jobs to efficiently process personal information.
    2. When entering into the outsourcing contract, Irisinfotech stipulates matters concerning prohibition of personal information processing for purposes other than the purposes of outsourcing according to Article 25 of the Personal Information Protection Act, technical and administrative protective measures, limiting re-outsourcing, management and supervision of outsourcees, and responsibility for compensation for damages, in documents like contracts, and checks if the outsourcee is processing personal information safely.
    3. If the details of outsourced jobs or outsourcees are changed, the company will immediately disclose it through this privacy policy.
  6. The rights and obligations of information subjects and legal representatives and the method of exercising them Users may exercise the following rights as personal information subjects.
    1. Information subjects may exercise such rights as accessing, correcting, deleting and suspending the processing of personal information at any time with regard to Irisinfotech.
    2. The rights pursuant to Paragraph 1 may be exercised in writing, by e-mail and fax according to Paragraph 1 of Article 41 of the Enforcement Decree of the Personal Information Protection Act, and Irisinfotech will take necessary measures immediately.
    3. The rights pursuant to Paragraph 1 may be exercised by representatives, such as the legal representatives of information subject or people delegated by information subjects. In this case, the power of attorney pursuant to the form in Annex 11 of the Enforcement Regulation of the Personal Information Protection Act.
    4. Information subjects’ right to access and suspend the processing of personal information may be limited according to Paragraph 5 of Article 35 and Paragraph 2 of Article 37 of the Personal Information Protection Act.
    5. If the personal information is specified by other laws as subject to collection, the deletion and deletion of the personal information may not be requested.
    6. Irisinfotech will check if the person who requested access to, correction of and suspension of processing of personal information pursuant to information subjects’ rights is the identical person or a valid representative.
  7. List of personal information items that are processed
    1. Irisinfotech processes the following personal information items.
      • Provision of goods or services
        Mandatory items: e-mail, cell phone numbers, names, company phone numbers, position, department, company name
        Options: None
  8. Destruction of personal information If the purposes of personal information processing are achieved, in principle, Irisinfotech will immediately destroy the personal information. The destruction procedure, deadline and method are as follows:
    1. Destruction procedure: The information entered by the user will be moved to a separate DB after the purpose is achieved (a separate document in case of paper), and destroyed after it is stored for a certain period of time or immediately according to the internal policy and other related laws. At this time, the personal information moved to the DB will not be used for other purposes unless it is according to laws.
    2. Destruction deadline: If the retention period expires, the personal information of the user will be destroyed within 5 days from the expiration of the retention period, and within 5 days from the time when the processing of personal information is deemed to be unnecessary if the personal information becomes unnecessary, e.g. the purposes of personal information processing are achieved, the service is discontinued, and the business is terminated.
    3. Destruction method: For information in the form of an electronic file, a technical method that cannot reproduce the records must be used. Personal information printed on paper will be shredded by a shredder or incinerated.
  9. Matters concerning installation, operation and refusal of automatic personal information collection devices
    1. Irisinfotech will not use ‘cookies’ that save the information of the information subject, and fetches it frequently.
  10. List of privacy officers
    1. Irisinfotech will take responsibility for personal information processing, and to handle information subjects’ complaints about personal information processing and redress damages, the company appoints the following privacy officers.
      • Privacy officer
        Department name: System Support Team
        Person in charge: Lee Je-young
        Contact info: 02-790-8844
        Mail: leejy@irisinfotech.co.kr
        Fax: 02-790-7833
      • Department in charge of personal information protection
        Department name: System Support Team
        Person in charge: Lee Je-young
        Contact info: 02-790-8844
        Mail: leejy@irisinfotech.co.kr
        Fax: 02-790-7833
    2. Information subjects can inquire about matters concerning personal information protection, complaints handling and remedies for damages with privacy officers and departments in charge while using the service (or business) of Irisinfotech. Irisinfotech will immediately answer and handle the inquiries of information subjects.
  11. Changing the privacy policy
    1. The Privacy Policy will be enforced from the effective date, and if it has additions, deletions or corrections according to laws and policies, they will be notified through announcements 7 days before enforcement of the changes.
  12. Measures to secure the safety of personal information Irisinfotech takes the following technical/administrative and physical measures necessary for securing its safety according to Article 29 of the Personal Information Protection Act.
    1. Regular self-inspection: To secure the stability of personal information handling, Irisinfotech is conducting self-inspection regularly (once a quarter).
    2. Establishing and carrying out internal management plans: To safely process personal information, Irisinfotech establishes and carries out internal management plans.
  13. Requesting access to personal information
    1. Information subjects may send the request to access personal information pursuant to Article 35 of the Personal Information Protection Act to the following department: Irisinfotech will make efforts to ensure that information subjects’ request to access personal information can be processed quickly.
      • Department receiving and processing the request to access personal information
        Department name: System Support Team
        Person in charge: Lee Je-young
        Contact info: 02-790-8844
        Mail: leejy@irisinfotech.co.kr
        Fax: 02-790-7833
    2. Information subjects may request to access personal information through the ‘Personal Data Protection Support Portal’ website (www.privacy.go.kr) of the Ministry of the Interior and Safety in addition to the department receiving the access request in Paragraph 1.
      • Personal Data Protection Support Portal of the Ministry of the Interior and Safety → Personal information complaints → Request to access personal information, etc. (I-Pin is required for identification)