HANS PHARMA CO., LTD. (hereinafter “Company”) protects the personal information of the information supplier pursuant to Article 30 of the Personal Information Protection Act and establishes and discloses the personal information handling guideline as follows to promptly and efficiently handle the difficulties relating to such.
1. Objective of Personal Information Handling
Company handles personal information for the following objectives. The personal information handled is not used for any purpose other than the following objectives, and in the event the objective of use changes, necessary measures, such as obtaining a separate consent pursuant to Article 18 of the Personal Information Protection Act, will be taken.
1. Procurement of communication channel for additional survey relating to product administration and delivery of information relating to the products
2. Handling of consumer complaints
4. Product research and development and improvement
2. Personal Information Handling and Retention Period
① Company handles and retains personal information within the personal information retention and use period consented by the information supplier at the time of gathering the personal information or the personal information retention and use period pursuant to laws.
② Each of the personal information handling and retention period is as follows.
- Personal identification pursuant to use and confirmation of real name: 3 years
- Records on consumer complaints or settlement of disputes: 5 years from the termination date of handling the dispute
- Cases relating to product administration and medical information relating to the products: 5 years
- Product research and development and improvement: Until the achievement of the objective (for product research and development and improvement, only abstract information that cannot specify an individual after 5 years have passed may be retained)
3. Rights and Obligations of Information Supplier and Exercising Method
① The information supplier may exercise the rights relating to personal information protection in the following sections at any time against Company.
1. Demand to access personal information
2. Demand to make correction when there is an error
3. Demand for deletion
4. Demand for suspension of handling
② The exercise of rights pursuant to Clause 1 may be performed against Company through writing, email, or fax pursuant to the form in Exhibit No. 8 of the Enforcement Regulation of the Personal Information Protection Act, and Company shall take measures regarding such without delay.
③ In the event that the information supplier demands for correction or removal regarding an error in the personal information, Company shall not use or provide the concerned personal information until the correction or removal is complete.
④ The exercise of rights pursuant to Clause 1 may be performed through an agent that has been consigned or a legal representative of the information supplier. In this case, a power of attorney pursuant to the form in Exhibit No. 11 of the Enforcement Regulations of the Personal Information Protection Act must be submitted.
4. Items of Personal Information Handled
Company handles the following personal information items.
1. Personal identification and provision of service relating to products
Name, address, phone number, email address, and occupation
2. Other than that, the below personal information items may be automatically generated and collected in the course of using the service through the internet.
IP address, cookie, MAC address, service usage records, visit history, poor usage records, etc
5. Destruction of Personal Information
① Company destroys the pertaining personal information without delay when the personal information is deemed to be no longer necessary, such as when the objective of handling has been achieved or the personal information retention period has lapsed.
② In the event of having to preserve personal information pursuant to other laws, despite of achieving the objective of handling or the lapse of the personal information retention period consented by the information supplier, the pertaining personal information is preserved by transferring to a separate database or by using a different storage place.
③ The personal information destruction procedure and method are as follows.
1. Destruction procedure
Company selects the personal information with a cause for destruction, and destroys the personal information by obtaining the approval of the personal information protection manager of Company.
2. Destruction method
Company destroys personal information recorded or stored in an electronic file form so that the record may not be regenerated, and destroys personal information recorded or stored in a paper document through incineration or shedding in a shredder.
6. Personal Information Safety Procurement Measures
Company takes the following measures to procure safety of personal information.
1. Managerial measures: Establishment and implementation of internal management plans, regular employee training, etc.
2. Technical measures: Installation of security program, encryption of matters such as unique identifier, installation of access control system, and management of access authority
3. Physical measures: Access control such as to the data processing room or data storage room
7. Personal Information Protection Manager
Contact Information : +82-2-2203-8855, email@example.com You can ask any inquiries to the personal information protection manager for matters regarding damage relief, complaint processing, and any matters relating to personal information protection occurring while using the service of Company. Company will respond and handle the inquiries of the information supplier without delay.
8. Modification of Personal Information Handling Policy
① This Personal Information Handling Policy shall be applied from October 01, 2021.