| Classification | Privacy Protection Officer | Privacy Protection Manager |
|---|---|---|
| Name | Director Park Jeong-ho | Director Park Jeong-ho |
| Phone | 070-4376-2215 | 070-4376-2215 |
| privacy@newen.ai | privacy@newen.ai |
1. Purpose of Processing Personal Information
The Company processes personal information for the following purposes and does not use it for any other purposes.
1) Responding to inquiries about solutions and services
2) Management of job applicants
2. Status of Personal Information Files
1) List of Inquirers (Solutions & Services)
- Items: Name, Email, Mobile number, Company phone number, Job title, Position, Department, Company name, Website URL, Inquiry details
- Collection Method: Website, Email
2) List of Job Applicants
- Items: Name, Email, Mobile number, Department applied for
- Collection Method: Website, Email
3) List of Report Downloaders
- Items: Name, Email, Mobile number, Company phone number, Job title, Department, Company name
- Collection Method: Website (Inquiry, Report download)
4) List of Consenters for Marketing Use
- Items: Name, Email, Mobile number, Company phone number, Job title, Department, Company name
- Collection Method: Website, Email
3. Processing and Retention Period of Personal Information
The Company processes and retains personal information within the period of retention and use in accordance with relevant laws or within the period agreed upon by the data subject at the time of collection. Each personal information processing and retention period is as follows.
1) Personal Information File Name: List of Inquirers (Solutions & Services)
- Basis for Retention: Responding to inquiries about solutions and services
- Retention Period: Destroyed after 1 year of storage
- Exceptions: Cases where consent is obtained from the inquirer/applicant due to the need to extend the retention period, or where information included in the post is subject to other legal regulations.
2) Personal Information File Name: List of Job Applicants
- Basis for Retention: Management of job applicants
- Retention Period: Destroyed after 1 year of storage
- Exceptions: Cases where consent is obtained from the inquirer/applicant due to the need to extend the retention period, or where information included in the post is subject to other legal regulations.
3) Personal Information File Name: List of Report Downloaders
- Basis for Retention: Management of the report downloader list
- Retention Period: Destroyed after 1 year of storage
- Exceptions: None.
4) Personal Information File Name: List of Consenters for Marketing Use
- Basis for Retention: Management of consenters for marketing use
- Retention Period: Destroyed after 1 year of storage
- Exceptions: None
4. Matters Concerning the Provision of Personal Information to Third Parties
The Company does not provide personal information to third parties.
5. Entrustment of Personal Information Processing
The Company does not entrust the processing of personal information to external parties.
6. Processing and Retention Period of Personal Information
1) The data subject may exercise the following rights related to personal information protection against the Company at any time.
- Request to inspect personal information
- Request for correction in case of errors, etc.
- Request for deletion
- Request to suspend processing
2) Rights under Paragraph 1 may be exercised against the Company in writing, via email, or by facsimile (FAX) in accordance with Form No. 8 of the Enforcement Rules of the Personal Information Protection Act, and the Company will take action without delay.
3) If a data subject requests the correction or deletion of an error in personal information, the Company will not use or provide the personal information until the correction or deletion is completed.
4) Rights under Paragraph 1 may be exercised through a legal representative of the data subject or an authorized agent. In this case, a power of attorney must be submitted in accordance with Form No. 11 of the Enforcement Rules of the Personal Information Protection Act.
7. Processing and Retention Period of Personal Information
The Company processes the following personal information items.
1) Personal Information File Name: List of Inquirers (Solutions & Services)
- Mandatory Items: Email, Name
- Optional Items: Mobile number, Company phone number, Job title, Department, Company name
2) Personal Information File Name: List of Job Applicants
- Mandatory Items: Email, Mobile number, Home address, Gender, Date of birth, Name, Educational background
- Optional Items: Job title, Department, Company name
3) Personal Information File Name: List of Report Downloaders
- Mandatory Items: Email, Mobile number, Home address, Gender, Date of birth, Name, Educational background, Job title, Department, Company name
4) Personal Information File Name: List of Consenters for Marketing Use
- Mandatory Items: Email, Mobile number, Home address, Gender, Date of birth, Name, Educational background, Job title, Department, Company name
8. Destruction of Personal Information
In principle, the Company destroys the relevant personal information without delay once the purpose of processing the personal information has been achieved. The procedure, deadline, and method of destruction are as follows.
1) Destruction Procedure
- Information entered by the user is transferred to a separate database (or a separate filing cabinet for paper documents) after the purpose is achieved, and is destroyed immediately or after being stored for a certain period according to internal policies and other relevant laws. At this time, the personal information transferred to the database will not be used for any other purpose unless required by law.
- If the retention period for the user's personal information has expired, the information will be destroyed within 5 days of the end of the retention period. If the personal information becomes unnecessary due to reasons such as the achievement of the processing purpose, termination of the relevant service, or closure of the business, the information will be destroyed within 5 days from the date it is deemed unnecessary.
2) Destruction Method
- Information in the form of electronic files is destroyed using technical methods that make the records unrecoverable.
- Personal information printed on paper is destroyed by shredding with a shredder or by incineration.
9. Measures to Ensure the Safety of Personal Information
In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical, administrative, and physical measures necessary to ensure safety.
1) Implementation of regular self-audits
- To ensure safety related to the handling of personal information, self-audits are conducted on a regular basis (once per quarter).
2) Minimization and training of employees handling personal information
- The Company implements measures to manage personal information by designating specific employees who handle personal information and limiting access to a minimum number of responsible persons.
3) Establishment and implementation of an internal management plan
- An internal management plan is established and implemented for the safe processing of personal information.
4) Technical measures against hacking, etc.
- To prevent leakage or damage of personal information caused by hacking or computer viruses, the Company installs security programs and performs periodic updates and inspections. Systems are installed in areas where access from the outside is controlled to monitor and block threats both technically and physically.
5) Encryption of personal information
- Users' personal information and passwords are stored and managed in an encrypted form so that only the user knows them. For important data, separate security features are used, such as encrypting files and transmission data or using file-locking functions.
6) Retention of access records and prevention of forgery
- Records of access to the personal information processing system are maintained and managed for at least six months, and security features are used to prevent access records from being forged, altered, stolen, or lost.
7) Restriction of access to personal information
- Necessary measures are taken to control access to personal information by granting, changing, and canceling access rights to the database system that processes personal information. Unauthorized access from the outside is controlled using an intrusion detection/prevention system.
8) Use of locking devices for document security
- Documents and auxiliary storage media containing personal information are stored in a safe location equipped with locking devices.
9) Access control for unauthorized persons
- A separate physical storage location for personal information is maintained, and access control procedures for this location are established and operated.
10. Personal Information Protection Officer
The Company is responsible for the overall management of personal information processing and has designated a Personal Information Protection Officer as follows to handle complaints and provide remedies for data subjects related to personal information processing.
- Data subjects may inquire about all personal information protection-related matters, complaint handling, and damage relief arising from using the Company's services (or business) to the Personal Information Protection Officer and the responsible manager. The Company will respond to and process inquiries from data subjects without delay.
11. Changes to the Personal Information Processing Policy
This Personal Information Processing Policy is applied from the effective date. In the event of any additions, deletions, or corrections to the content in accordance with laws and policies, the Company will notify users through announcements at least 7 days prior to the implementation of such changes.