1. Personal information collected and the method of collection
2. Purpose of personal information collection and use
3. Sharing and provision of the collected personal information
4. Outsourcing of personal information processing
5. Period of retention and use of the collected personal information
6. Procedure and method of personal information disposal
7. Measures to ensure the security of personal information
8. Rights of users and their legal representatives and how to exercise those rights
9. Matters relating to the installation and operation of an automatic personal information collection device and rejecting said device installation and operation
10. Personal information management officer and division in charge of personal information management
11. Duty of notice
This Privacy Policy is in effect as of January 1, 2020.
1. Personal information collected and the method of collection
1) Collected Items: The Company collects the personal information listed below in order to process and manage inquiries about the Company, inquiries on services and products, inquiries on employment, inquiries about the website, reports of fraudulent acts, and reports related to security, etc.:
- Required Information: Data subject’s name, company name, e-mail address, and contact information
- Data subject’s right to deny consent and the disadvantages that result from denial of consent
• Data subjects have the right to deny consent to the collection of required information.
• Data subjects have the right to deny consent to the collection of optional information, outside the scope of required information.
If a data subject refuses consent, it may become impossible to respond to the data subject’s inquiries.
2) Collection Method: The Company collects personal information in the method specified below.
- The “Estimates” menu on the website
2. Purpose of personal information collection and use
The Company uses the collected personal information for the purposes outlined below.
- To provide feedback to and manage customer inquiries regarding the Company or its services, products, website, etc.
3. Sharing and provision of the collected personal information
In principle, the Company does not provide the users’ personal information to external parties. Exceptions apply, however, as described in the cases below.
- If the user gave prior consent
- If the information is being provided according to the law or is requested by an investigative agency according to the procedure and method set forth in the law.
4. Outsourcing of personal information processing
In principle, the Company does not outsource the processing of the users’ personal information. Exceptions apply, however, to the following cases.
- If users gave prior consent
- If the outsourcing of information processing is carried out according to the law or is requested by an investigative agency according to the procedure and method set forth in the law.
5. Period of retention and use of the collected personal information
Collected personal information is disposed of without delay after an appropriate response has been provided to a user inquiry about the Company or its services, products, website, etc.
6. Procedure and method of personal information disposal
In principle, the Company disposes of collected personal information after the purposes of collection and use of the information has been fulfilled. The procedure and method of information disposal is specified below.
1) Procedure of Disposal: Once the purpose of personal information collection is fulfilled, the information is stored for a set period of time for information protection as set forth in the Company’s internal policies (Refer to “Period of retention and use of the collected personal information.”) and then it is disposed of. The personal information is not used for purposes other than retention unless required otherwise by the law.
2) Method of Disposal: Personal information stored in a paper form is disposed of by shredding the paper using a shredder or incinerating the paper and personal information in the form of electronic files is destroyed by deleting the file using a technical method that disables the reproduction of the record.
7. Measures to ensure security of personal information
The Company takes the necessary technical, administrative, and physical measures described below to ensure the safety of personal information.
1) Establishment and Implementation of an Internal Management Plan: The Company has established and implemented an internal management plan for personal information protection.
2) Minimization and Training of Persons in Charge of Personal Information Handling: The Company takes the actions necessary to control access to personal information through the assignment, change, and revocation of access authorities for the database system where personal information is processed. The Company also restricts unauthorized access from external sources to the database system by using a firewall system.
3) Storage of Access Records and Prevention of Forgery and Alteration: The Company stores and manages records of access to the personal information processing system (web log, summary information) for at least six months and uses a security function to prevent forgery, alteration, theft, and loss of access records.
4) Technical Measures against Hacking, etc. and Unauthorized Access Control: In order to prevent leakage or damage to personal information via attack or computer virus, the Company installs and periodically updates/inspects a security program, installs its database system in an area to which access from the outside is restricted, and it technically and physically monitors the system. In addition, the Company detects attempts to illegally change stored information while it administers network traffic monitoring.
8. Rights of users and their legal representatives and how to exercise those rights
Users and their legal representatives can access or correct their registered personal information at any time. When a user requests to have access or for the correction or deletion of his or her personal information from the personal information management officer over the phone or through e-mail, necessary actions will be taken without delay following the user authentication process.
If a user requests the correction of an error in his or her personal information, the personal information will not be used or provided to a third party until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, the correction processing result will be notified without delay to the third party in order to ensure the correction of the information provided.
The Company processes personal information that has been canceled or deleted by the request of the respective user or his or her legal representative according to the “Period of retention and use of the collected personal information” and prevents the information from being accessed or used for other purposes.
9. Matters relating to the installation and operation of an automatic personal information collection device and rejecting said device installation and operation
The Company does not install or operate any device that collects personal information, such as cookies, automatically created in the course of using Internet services.
10. Personal information management officer and division in charge of personal information management
1) Personal Information Managing Department
TEL : +82-31-304-9667
Email : nbpharm@ninebiopharm.com
2) Chief Privacy Officer
TEL : +82-31-304-9667
Email : nbpharm@ninebiopharm.com
Users can file all personal information protection-related complaints generated in the course of using the Company’s services to the personal information management officer or the division in charge of personal information management. The Company will promptly provide users with an appropriate responses to their complaint or report. For other reports regarding consulting services on personal information breach, please contact the organizations listed below.
1. Personal Information Dispute Mediation Committee (www.kopico.go.kr) : +82-2-2100-2499
2. Cyber Crime Investigation Division of the Supreme Prosecutors’ Office (http://cyberbureau.police.go.kr/) : +82-2-3480-3571
3. Cyber Bureau of the Korean National Police Agency (http://www.spo.go.kr/) : (No area code) 182
A person whose rights or interest have been infringed by a disposition taken by the head of a public organization or due to nonfeasance in relation to the provisions of Article 35 (Access to Personal Information), Article 36 (Correction and Erasure of Personal Information), or Article 37 (Suspension, etc. of Processing of Personal Information) of the Personal Information Protection Act can request an administrative trial according to the Administrative Appeals Act.
※ For details on administrative trials, refer to the website of the Ministry of Government Legislation (http://www.moleg.go.kr).
11. Duty of notice
If the content of the current Privacy Policy is amended, deleted, or modified, the changes will be notified through the Notice section of the website at least seven days prior to the amendment.