AirKorea Corporation (hereinafter referred to as the 'Company') has established the following personal information processing policy to protect the user's personal information and rights in accordance with the Personal Information Protection Act, and to smoothly handle user complaints related to personal information. If the company revises the personal information processing policy, it will notify it through website notices (or individual notices).
Purpose of Personal Information Collection and Use
The company processes personal information for the following purposes. The processed personal information will not be used for purposes other than these, and if the purpose of use changes, we plan to obtain prior consent.
A. Homepage Membership Registration and Management
We process personal information for the purpose of confirming the intention to join, identifying and certifying oneself according to the provision of membership service, maintaining and managing membership qualifications, verifying oneself in accordance with the implementation of the limited personal verification system, preventing unfair use of services, various notifications and notifications, grievance handling, record keeping for dispute resolution, etc.
B. Civil Affairs Processing
We process personal information for the purpose of verifying the identity of the complainant, checking the details of the complaint, contacting and notifying for fact-finding, and notifying the results of processing.
C. Provision of goods or services
We process personal information for the purpose of goods delivery, service provision, invoice issuance, content provision, customized service provision, identity verification, age verification, fee payment and settlement, etc.
D. Utilization in Marketing and Advertising
We process personal information for the purpose of developing new services (products) and providing customized services, providing event and advertising information and offering participation opportunities, providing services and placing advertisements according to demographic characteristics, verifying the effectiveness of the service, determining the frequency of access, or generating statistics on members' use of services, etc.
Collection of Personal Information Items and Method of Collection
A. Collection Items
A-1. Collection items at the time of membership registration
Required items: Name, Gender, Login ID, Password, Email, Date of Birth, Address, Mobile Phone Number
Optional items: Home Phone Number, SMS receipt consent, Email receipt consent
Collection purpose: Member identification, delivery of notices, securing a smooth communication channel for confirmation of intent and complaint handling, etc.
A-2. Automatic Collection
Connection IP information, cookies, service usage records, access logs, etc.
A-3. Others (events, marketing activities, etc.)
Collection information: Address, Date of Birth, Telephone Number, Mobile Phone Number, Name, Email, etc.
In case of temporary collection of personal information for a specific purpose, separate notification is given and the information is collected.
B. Collection Method
B-1. Personal information is collected in the following ways.
Website (membership registration), written form, phone, fax, consultation board, event entry, service use, member information modification
Consent to Collection of Personal Information
The company sets up a process where you can check the 'Agree' button for the content of the company's personal information handling policy or terms of use. If you check the 'Agree' button, it is considered as your consent to the collection of personal information.
Installation, Operation, and Rejection of Automatic Personal Information Collection Device
A. 'Cookies', which store and retrieve usage information from time to time to provide individualized customized services, are used.
B. A cookie is a small piece of information that the server(http) operating the website sends to the user's computer browser, and it can also be stored on the hard disk of the user's PC computer.
- Purpose of cookie use: To identify the visit and use patterns of each service and website visited by the user, popular search words, secure connection status, etc., and to provide optimized information to the user.
- Installation, operation, and refusal of cookies: You can refuse to store cookies through the option settings in the 'Tools>Internet Options>Privacy' menu at the top of the web browser.
- If you refuse to store cookies, you may experience difficulties in using customized services.
Processing and Retention Period of Personal Information
A. The company processes and retains personal information within the period of personal information retention and usage as stipulated by laws and regulations, or within the period of personal information retention and usage agreed upon when collecting personal information from the data subject.
B. Each personal information processing and retention period is as follows and will be destroyed when the purpose of collection or provision is achieved.
- Membership registration information: When the member withdraws or is expelled from the membership
- In the case of temporary collection for purposes such as surveys and events: When the survey, event, etc., is concluded
C. However, if there is a need to retain it for a certain period for reasons such as confirming the rights and obligations related to transactions according to the provisions of the Commercial Law and 'Law on Consumer Protection in E-commerce,' etc., it is retained for a certain period.
- Records related to contracts or withdrawal of offers: 5 years
- Records related to consumer complaints or dispute resolution: 3 years
Provision and Sharing of Personal Information to Third Parties
The company does not use or provide personal information of users beyond the range notified in "Collection items and purpose of personal information" and "Purpose of using personal information," except when the user's consent is given or when stipulated by relevant laws and regulations. However, the following cases are exceptions.
- When users have previously agreed.
- When necessary for the settlement of fees due to service provision.
- When necessary for contract performance (product delivery/installation, service work)
- When there are sufficient grounds to believe that it is necessary to disclose customer information to take legal action against someone causing mental or physical harm to others.
- When necessary for statistical compilation, marketing analysis, or market research, and it is provided to external institutions or organizations, etc., in a form that cannot identify a specific individual.
- When it is required by other relevant laws and regulations or when required by investigative agencies for investigative purposes according to the procedures and methods prescribed by laws.
- When it is personal information necessary for the performance of a contract for service provision, and it is significantly difficult to obtain usual consent due to economic/technical reasons.
The Rights, Obligations of the Information Subject and Their Exercise
As a personal information subject, users can exercise the following rights.
A. The information subject can exercise the following personal information protection rights at any time against the company.
- Request to access personal information
- Request for correction if there are errors, etc.
- Request for deletion
- Request for processing suspension
B. The rights exercise according to paragraph 1 can be done to the company through written, email, fax, etc., according to the Form No. 8 of the Enforcement Regulations of the Personal Information Protection Act, and the company will take immediate action upon request.
C. If the information subject requests correction or deletion due to errors in personal information, the company will not use or provide the personal information until the correction or deletion is completed.
D. The rights exercise according to paragraph 1 can be done through a legal representative of the information subject or a person who has received a delegation. In this case, you must submit a power of attorney according to Form No. 11 of the Enforcement Regulations of the Personal Information Protection Act.
Destruction of Personal Information
In principle, the company destroys the relevant personal information without delay when the purpose of processing personal information is achieved. The procedure, deadline, and method of destruction are as follows.
A. Destruction Procedure
The information entered by the user is moved to a separate DB after the achievement of the purpose (in the case of paper, to a separate document), stored for a certain period according to internal policies and other relevant laws and regulations, and then destroyed immediately. At this time, the personal information moved to the DB is not used for other purposes unless required by law.
B. Destruction Deadline
The personal information of the user is destroyed within 5 days from the end of the retention period if the retention period of personal information has elapsed, and within 5 days from the day when it is recognized as unnecessary to process the personal information due to the achievement of the processing purpose, termination of the service, and end of the business.
C. Destruction Method
Information in electronic file format is destroyed using a technical method that cannot reproduce the record. Personal information printed on paper is destroyed by shredding or incinerating.
Measures to Ensure the Security of Personal Information
In accordance with Article 29 of the Personal Information Protection Act, the company is implementing the necessary technical/administrative and physical measures to ensure security as follows.
A. Minimizing and Training Employees Handling Personal Information
The company has designated and limited the employees who handle personal information to minimize it, and is implementing measures to manage personal information.
B. Regular Self-audit Performed
For the stability of handling personal information, the company conducts a self-audit regularly (once per quarter).
C. Establishment and Execution of Internal Management Plan
The company has established and is executing an internal management plan to safely process personal information.
D. Encryption of Personal Information
User's personal information and passwords are stored and managed in encrypted form, so only the user can know them. The company uses separate security functions such as encrypting files and transmission data or locking files for important data.
E. Technical Measures Against Hacking, etc.
The company has installed security programs to prevent leakage and damage of personal information caused by hacking or computer viruses, updates and checks them periodically, and installs the system in a controlled access area from the outside and technically/physically monitors and blocks it.
F. Restricting Access to Personal Information
The company takes necessary measures for controlling access to personal information through the granting, change, and cancellation of access rights to the database system that processes personal information. The company controls unauthorized access from the outside using an intrusion prevention system.
G. Preservation and Prevention of Alteration of Access Logs
The company keeps and manages the access logs to the personal information processing system for at least 6 months and uses security functions to prevent the access logs from being altered, stolen, or lost.
H. Use of Locking Device for Document Security
Documents and auxiliary storage media containing personal information are stored in a safe place with a locking device.
I. Control of Access by Unauthorized Persons
The company has set up a separate physical storage place where personal information is stored and has established and operates an access control procedure for it.
Personal Information Protection Officer
A. The company is responsible for overseeing the work related to the processing of personal information and has designated a Personal Information Protection Officer as follows, for the handling of complaints and damage relief related to the processing of personal information from the information subject.
Name:
Position:
Department:
Telephone number:
Fax number:
E-mail:
B. Information subjects can make inquiries to the Personal Information Protection Officer and the responsible department regarding all matters related to inquiries, complaint handling, and damage relief related to personal information protection that occur while using the company's services (or business). The company will answer and process the inquiries from the information subjects without delay.
Change of Personal Information Processing Policy
A. This personal information processing policy applies from the date of implementation, and if there are additions, deletions, and corrections of changes according to laws and policies, the changes will be announced through notifications from 7 days before the implementation of the changes.
Refusal of Unauthorized Collection of Emails
Please note that the collection of email addresses posted on this website without permission through the use of email collection programs or other technical devices is prohibited, and violators may be subject to criminal punishment under the Act on the Promotion of Information and Communications Network Utilization and Information Protection (Internet and Communications Network Act).
Article 50-2 (Prohibition of Unauthorized Collection of Email Addresses, etc.)
1. No one shall use a program or any other technical device to automatically collect email addresses from the Internet homepage without the prior consent of the operator or manager of the Internet homepage.
2. No one shall sell or distribute email addresses collected in violation of paragraph 1.
3. No one shall use the email addresses known to have been collected, sold, and distributed in violation of paragraphs 1 and 2 for information transmission.
