1. Purposes of Handling Personal Information
ABLUE (hereinafter referred to as the “Company”, https://www.ablue-global.com) handles users’ personal information for the following purposes. It shall not be used for purposes other than originally intended:
Confirmation of a customer’s intention; user authentication/certification for providing services; membership maintenance/management; payment for supply of goods/services; supply or distribution of goods/services, etc.
2. Personal Information Handling and Retention Period
The Company shall handle and keep users’ personal information within the personal information retention & use period in accordance with the duration agreed by the information owner at collection of such personal information or related laws.
Specific personal information handling & retention period shall be as follows:
☞ Based on the following example, personal information handling and retention period, related laws and legal grounds are stated:
(E.g.) – User subscription and management: Until the termination of the Service Contract or withdrawal from membership; until debts and obligations are solved if they exist
Contact cancellation/withdrawal of subscription, payments and supply records (e.g., goods, etc.) on e-commerce: 5 years
3. Information Owner’s and Legal Representative’s Rights & Obligations and their Exercises As the owners of personal information, users are permitted to exercise their rights as follows:
The information owner is authorized to exercise the following rights concerning the protection of personal information against the Company anytime:
1. Request for access to personal information
2. Request for correction when any error or misstatement is found
3. Request for deletion
4. Request for the suspension of processing
4. Items to be Handled
① The Company handles the following personal information:
- Required items: Email, name, office phone number, firm name
5. Destruction of Personal Information Once the purposes of personal information are accomplished, it shall be destructed immediately. The personal information destruction procedures and methods are as follows:
Once the purposes are accomplished, the information is moved to the separate database (separate documents in case of paper) and kept for a certain period of time or destructed immediately pursuant to internal policy and other related laws. The personal information kept in the separate database shall not be used for purposes other than originally intended unless otherwise specified by law.
Once the retention period expires, the Company will destroy the personal information within five (5) days from the expiry date. If the personal becomes unnecessary after the achievement of its purposes, end of business and others, it will also be destructed within five (5) days from the date when it is deemed useless to handle the personal information
6. Installation & Operation or Refusal of Automatic Personal Information Collection System
① The Company uses a cookie that contains and, on occasion, loads information of the users to provide personalized and customized services.
② A cookie indicates a small text file stored on the hard disk of a user’s computer, which is sent to the user browser by the website server (http).
B) Installation & Operation or Refusal of Cookies: Uses are able to refuse the storage of cookies through ‘Tools’ > ‘Internet Options’ > ‘Privacy’ on top.
C) If you refuse to install cookies, there might be some difficulties in getting the services.
7. Chief Privacy Officer
① To undertake personal information processing-related tasks, handle related complaints and rescue damages, the Company shall have a Chief Privacy Officer as stated below:
Chief Privacy Officer
Name : Lee Myung-wook
Job title: CEO
Job title: CEO
※ Connected to Privacy Department
Departmen : Overseas Sales Division
Manager: Han Byung-hoon
② The information owner is permitted to contact the related department or Chief Privacy Officer, concerning inquiry about all personal information-related issues, complaint handling and damage relief resulting from the use of the services of the Company. Then, the Company will respond to such issues without delay.
9. Measures Taken for Safety of Personal Information The Company is taking technical, managerial and physical measures needed for the safety of personal information pursuant to Article 29 of the Personal Information Protection Act as follows:
1. Periodic internal audit
We perform an internal audit quarterly to keep personal information safe and secure.
2. Minimization of privacy staff and required training
We have privacy staff separately and limit its number to the minimum required.
3. Internal control planning and implementation
We have developed and implemented an internal control plan to handle personal information in a safe and secure fashion.
4. Encryption of personal information
Users’ personal information is encrypted and stored and managed securely. Important files and data are also being locked or encrypted.
5. Locking for document security
We keep documents and other storage media containing personal information with a lock in a safe place.