Dong-A ST (or 'Company') values users' personal information and complies with applicable personal information protection laws and regulations such as the "Act on Promotion of Information and Communications Network Utilization and Information Protection" and the "Personal Information Protection Act".
The company complies with legal and regulatory requirements, ensuring the protection of information assets from internal and external security threats through the implementation of personal data protection practices, as outlined in this policy.
Additionally, if the company revises this Personal Data Processing Policy, it will be announced through the website notice (or individual notice).
1. Personal Information Collection and Collection Methods
The company collects the following personal data from users during membership sign-in or use of the service. If the user is under 14 years old, personal information is not collected, except for certain inevitable situations where the company obtains prior consent from the child's legal guardian. Users may rightfully object to their personal information being collected. Note that without the user's consent, you may not be able to fully use our services, such as customer inquiries and our answers provided.
(1) Personal Information Collected
• For identity verification and service provision: name, address, phone number, email
• Automatically collected via cookies on our website: User IP, services used, simple navigation on the website
The company does not collect sensitive information that may significantly infringe on the user's privacy (such as ideology, membership in a labor union or political party, political views, health, sexual intercourse, etc.).
(2) Methods of Personal Information Collection
• Collected through direct input from the user during webpage sign-in and use of the company website, written forms, phone calls (including SMS and MMS), faxes, emails, etc.
• Collected with information collection tools
2. Purpose of Personal Information Collection and Usage
The company only processes the personal information collected for the following purposes. The personal information being processed will not be used for purposes other than those specified below, and if there is a change in the purpose, prior consent will be obtained from users.
(1) Member Management
• Identification of the user and verification of users under 14 years old to offer our services
• Confirmation of sign-in intention, prevention of recurrence of improper use by ill-intentioned members
• Identify the user when the data subject demands his/her data to be read, corrected, deleted, or stopped being used
(2) Service Provided
• Customer inquiries, online/offline consultations
• Any obligations abided by under the service contracts
(3) Utilization in Marketing and Advertising Activities
• Compile access frequency and use of service for statistical purposes
3. Retention and Usage Period of Personal Information
The company processes and retains personal information within the period for which consent was obtained from the user at the time of collection.
However, when applicable laws and regulations require personal information to be retained, the information will be stored for the period specified by them.
(1) Preservation according to company policies
• If individual consent has been obtained from the user: the period specified in the consent
• Personal information of withdrawn members: 1 month from the date of withdrawal
• Online inquiries and email inquiries: 1 year from the date of collection
(2) Preservation according to applicable laws and regulations
• Records related to the cancellation of contracts or subscriptions, etc: 5 years (according to the Act on the Consumer Protection in Electronic Commerce)
• Records related to payment for and supply of goods, etc: 5 years (according to the Act on the Consumer Protection in Electronic Commerce)
• Records related to resolution of consumer complaints or disputes: 3 years (according to the Act on the Consumer Protection in Electronic Commerce)
• User’s internet log records, IP, and website simple navigation records: 3 months (according to the Protection of Communications Secrets Act)
• Other communication confirmation data: 1 year (according to the Protection of Communications Secrets Act)
4. Provision of Personal Information to Third Parties
The company uses the client's personal information within the scope notified for the purpose of the collection and use and, in principle, does not provide it outside of the company, except for the following:
• Where additional consent is obtained from the data subject
• Where special provisions exist under laws
When the company obtains consent for the provision of personal information to third parties, it must inform the data subject of the purpose, the personal information to be provided, the recipient of the personal information, and the retention and usage period by the recipient, and that the data subject is entitled to deny consent.
5. Procedures and Methods for Destroying Personal Information
The company destroys personal information without delay when it becomes unnecessary owing to the expiry of the retention period and attainment of the purpose of processing the personal information. However, this does not apply when the retention of such personal information is mandatory by law; in that case, the corresponding personal data will be moved to a separate database or stored in a different location.
(1) Destruction Procedures
• Personal information is stored for a certain period per internal policies and applicable laws and then is destroyed after the attainment of the purpose.
• Personal information transferred to a separate database is not used for purposes other than retention unless otherwise required by law.
(2) Destruction Methods
• Personal information stored in electronic file formats is permanently and unrecoverably deleted.
• Personal information printed on paper is destroyed by shredding or incineration.
6. Contracted Personal Information Processor
The company entrusts the processing of personal information to ensure smooth handling of personal information tasks. When personal information processing is entrusted, the company defines and oversees that the trustee must not process personal information for purposes other than the entrusted tasks, must implement technical and managerial protection measures for personal information, must restrict subcontracting, must monitor the personal information handling, and must be responsible for any damages. The company controls and supervises to ensure that the trustee safely processes personal information.
Trustee | Contracted Tasks |
---|---|
DA Information Co., Ltd. | Website and system management |
Dong-A Socio Holdings Co., Ltd. | Customer support services |
7. Rights (and their exercise) and Obligations granted to Users and their Legal Guardians
Users and legal guardians are entitled to request, at any time, access, correction, deletion, cessation of the processing, and consent cancellation for personal information related to themselves or the user under 14 years of age.
(1) Access, Correction, and Deletion of Personal Information
If you wish to access, correct, or delete your personal information, you can use the "My Data" (or "My Information") menu on the website or contact the company's personal information manager in writing, or by phone or email, and we will take action without delay.
(2) Suspension of Personal Information Processing
If you wish to suspend the processing of your personal information, contact the company's personal information officer in writing, or by phone or email, for immediate action to be taken. However, the company may refuse the request to suspend processing where special provisions exist in laws or where processing the said personal information is required to comply with legal obligations, in which case the reasons will be communicated to the user or their legal guardian.
(3) Withdrawal of Consent for Collection, Use, and Provision of Personal Information
Users and legal guardians can withdraw their consent for the collection, use, and provision of personal information at any time. To do so, users can follow the "Member Withdrawal" procedure, or contact the company's personal information management officer in writing, by phone, or by email to request a withdrawal, and the company will promptly take necessary measures, such as deleting the personal information.
8. Personal Data Protection Manager and Responsible Team
To protect users' personal information and address grievances related to personal information, the company has designated a responsible team and person in charge as follows:
(1) Responsible team
Team: Audit Team
Person in Charge: Jeong-il Lee
Phone: +82-2-920-8254
Email: e2040501@donga.co.kr
(2) Personal Data Protection Manager
Name: Myeongwon Chung
Phone: +82-2-920-8830
Email: st_ciso@donga.co.kr
(3) Other Agencies
If you need to report or consult about personal information leakage, please contact the following agencies.
• Personal Information Infringement Report Center (privacy.kisa.or.kr/ (No area code) 118)
• Supreme Prosecutors' Office Cyber Crime Investigation Unit (www.spo.go.kr/ (02)3480-3573)
• National Police Agency Cyber Terror Response Center (www.netan.go.kr/ (02)1566-0112)
9. Installation and Operation of Visual Data Processing Devices
The company, in installing and operating visual data processing devices to protect the facility from crime and fire, controls them properly and legally according to relevant laws and regulations to guarantee the rights and interests of the data subjects.
(1) Ground and Purpose of Installing Visual Data Processing Devices
The company installs and operates visual data processing devices for the following purposes in accordance with Article 25-1 of the Personal Information Protection Act:
• Facility safety and fire prevention
• Management and control of access for personnel and vehicles
• Crime prevention for the safety of employees and visitors
• Prevention of vehicle burglary and damage
• Prevention of trespass
(2) Number and location of devices, scope of photographing
Type | Number of Installations | Installation Location and Scope of Photographing |
---|---|---|
CCTV | 445 units | Key areas within and around the building's parking facility |
License Plate Recognition Camera | 1 unit | Parking lot gates (plate) |
(3) Responsible Team and Personnel with Access to Video Data
Area (Site) | PIC | Contact |
---|---|---|
Company-wide | Data Security Supervisor | +82-2-920-8250 |
Head Office | Safety Management Team Leader | +82-2-920-8103 |
Sales Branch | Operational Support Team Leader | +82-2-920-8230 |
Research | R&D Operations Team Leader | +82-41-629-6210 |
Production | Production Management Team Leader | +82-31-280-1305 |
(4) Visual Information Recording Time, Retention Period, Storage Location, and Processing
• Recording Time: 24 hours
• Retention Period: 30 days from the date of recording
• Processing: Record and manage requests related to the use of personal visual information beyond the purpose, third-party provision, destruction, and access, and permanently delete the information once the retention period expires.
(5) How to and Where to View Visual Information (footage)
• How to view: If you want to view personal visual information, contact the person in charge of visual information at each site to arrange your visit and then make a visit to the company.
• Where to view: Visual Information Room at corresponding Dong-A ST site
(6) Actions on Requests related to Visual Information made by Data Subjects
If data subjects want to view, confirm, or delete their personal visual information, they can make such requests to the visual information manager. However, this is limited to visual information in which the data subject is included and where the request is explicitly necessary to prevent threats to life, personal harm, or property damage.
The company will take necessary actions without delay when such a request regarding personal visual information is made. However, requests to view personal visual information may be refused in the following cases:
• When significantly interfering with a criminal investigation, the maintenance of prosecution, or the performance of a trial
• When taking necessary actions regarding the request could result in grave concerns of infringing someone else's privacy
• When there are other reasonable justifications to refuse the data subject's request
(7) Security Measures to Protect Visual Information (Technical, Managerial and Physical Measures)
• The company does not arbitrarily collect visual information or record beyond the aforementioned purposes (refer to (1)). Collected and stored visual information is managed in an access-restricted area that only authorized personnel can enter and on a system secured with a password and locking devices.
• The company manages visual information collected through visual information processing devices as confidential or higher and prohibits any arbitrary viewing, playback, or export outside the company.
• The company records and controls matters related to the use of personal visual information beyond the pre-defined purpose, third-party provision, viewing requests, and destruction. Once the retention period expires, the visual information is permanently and irrevocably deleted.
10. Installation, Operation, and Refusal of Automatic Data Collection Tools
The company operates 'Internet cookies' that constantly store and identify user information. Cookies are light text files sent by the server used to operate the website to your browser and stored on your computer's hard disk.
(1) Automatically Collected Items
Access IP, browsing sessions, visit records (Retention period: 3 months)
(2) Purpose of Using Cookies
Cookies are used to understand the website visits, browsing patterns, and service details of the user to offer a stable website environment.
(3) Allow or Decline Cookies
Users can turn on/off cookies. By selecting options in the web browser, users can allow all cookies, be prompted each time a cookie is stored, or refuse all cookies.
Enable cookies (for Internet Explorer): select Tools > Internet Options > Privacy > Advanced
11. Measures to Ensure the Security of Personal Data
The company takes the following measures to ensure the security of users' personal data, preventing loss, theft, leakage, alteration or damage:
(1) Managerial Measures
The company has established and implemented in-house plans for the safe processing of personal data, kept the number of personnel handling personal data to a minimum, and conducted regular training on personal information protection.
(2) Technical Measures
To prevent external security threats such as hacking, the company controls access from the outside by installing intrusion prevention systems and security programs. The company also keeps records of access to the personal data processing system and takes measures to prevent forgery and alteration of these records. Users' personal data is stored in encrypted forms, and access to personal data is restricted by granting, changing, and deleting access permits to the personal information processing system.
(3) Physical Measures
The company designates data processing rooms and archives as protected areas and controls access to these areas.
12. Notification of Changes to the Privacy Policy
The company will notify users of the details of changes to this Personal Data Processing Policy, along with the reasons, on the company's website whenever any addition, deletion, or revision to this Policy is made due to enactment/amendment of relevant laws and regulations, in-house policies, or security technologies.
Enforced on April 1, 2023
[Privacy Policy History]
• v1.2 had been effective from November 1, 2022 to March 31, 2023
• v1.1 had been effective from June 1, 2022 to October 31, 2022
• v1.0 had been effective from July 26, 2021 to May 31, 2022