1. How to Consent to Collection/Use of Personal Information
2. Items and Purpose of Collection/Use of Personal Information
The Company collects and uses the minimum personal information required for service delivery. It shall not be used for any purpose other than the one for which consent was provided, and if the purpose of use changes, the Company shall take necessary measures including obtaining consent from the information subject.
Information collection through the use of PC or mobile website services
Collection of information generated via a log analysis program
Collection of information via cookies
2)Items, purpose, and retention period of collected personal information
Purpose of collection and use Use of eCon-Network service, receipt and processing of inquiries, and notification of processing results
Collected items business type email address, company phone number, company name, country
3)Information generated and collected during service use or processing
During service use or processing, the following information may be generated and collected to deliver personalized services.
Frequency of use, service use duration and usage record
Access log and access IP information, cookie, usage record.
3. Period of Retention and Use, and Disposal of Personal Information
1)Period of use and retention
The Company shall retain and use personal information only during the period (usage period) to which the customer has provided consent for the purpose of service delivery and inquiry processing.
2)Procedure and method of personal information disposal
The information provided by the customer for service delivery is transferred to a separate database after the given purpose is achieved, stored for a certain period according to the reason for retention in accordance with internal policies and other relevant laws, and then disposed in the manner specified in subparagraph “c. Disposal Method” below. Personal information transferred to a separate database will not be used for any other purpose,
unless it is retained for legal reason.
Information for which the retention period and the preservation period have expired in accordance with relevant laws and regulations.
Personal information on handwritten or printed media: Shredding or incineration
Personal information stored in an electronic file format such as a database: Deleted irreversibly using a technical method.
4. Installation, Operation, and Rejection of Automatic Personal Information Collection Device.
During the usage of the Company’s service or inquiry processing, etc., cookies, service use records, and user device information may be automatically generated and collected.
A “cookie” refers to data that a website sends to the user’s web browser (Internet Explorer, Chrome, Firefox, etc.). The Company accesses the cookies saved on customers’ PCs from their visits to the website, analyzes the information stored on the cookies, such as browsing history, information of services used, time and frequency of service use, and other information generated or provided (entered) by customers during their use of the website and utilizes the results to provide better services, deter fraudulent use, and identify user errors.
Customers have the right to allow all cookies, request notifications whenever cookies are stored, or to block all cookies by selecting the relevant option through the “Internet Options” tab on the tool bar at the top of the web browser. However, blocking cookies may cause inconvenience in terms of service use.
5. Customers’ Rights regarding Personal Information and the Exercise of Such Rights
A customer can visit the Company’s website and submit a request for correction, deletion, or access regarding his/her personal information that is stored by the Company at any time.
1)A customer may request access and verification via the website and the Company’s customer service center.
2)When a customer requests access and verification of his/her own personal information, the customer must provide identification (or copy thereof) such as a resident registration card, a passport, or a driving license (new version) to verify his/her identity.
3)When a customer wishes to designate an agent to access and gain verification of his/her personal information, the customer must provide proof for the power of attorney, the certificate of registered seal in the customer’s name, and proof of identity for the agent, in order to verify the identity of the agent as necessary.
4)If a customer requests correction of his/her personal information, the relevant personal information shall neither be used nor provided to third parties before the update is completed. If incorrect information has already been provided to third parties, the Company shall immediately notify the relevant third parties with the corrected information to ensure that the necessary correction is made.
5)However, access and correction of personal information may be restricted in exceptional cases as follows:
a.If it is likely to cause substantial damage of the life, body, property or rights and interests of the principal or third parties.
b.If it is likely to cause substantial interference to the operation of the service provider.
c.If it violates laws or regulations.
6. Personal Information Manager and Customer Service Department
The Company has designated a personal information manager and a department responsible for personal information protection as follows and also operates a consultation channel for personal information protection to ensure clear communication with customers.
1)Personal information manager
Name and department: RM A3, 6/F BLK A WING NING BLDG 501 SHUN NING RD CHEUNG SHA WAN KL
Contact: + 86 543 22 343
7. Consent to the Consignment of Personal Information Processing
The Company externally entrusts personal information processing to operate and maintain its service, and to manage and provide convenience for customers. The Company manages the consignee by contractually obligating its compliance with the relevant laws and guidelines, information protection and confidentiality, and obligation to return/destroy personal information immediately after the expiration of the entrustment period, etc.
Purpose of consignment
8. Withdrawal of Consent to the Collection, Use or Provision of Personal Information
1)Customers may request to access, correct or delete personal information at any time. To access, correct, or delete personal information, contact the personal information manager in writing, e-mail, or phone, and appropriate actions shall be taken without delay following the identity verification process.
However, requests for personal information access may be restricted or refused in the following cases:
If there are special regulations under the law or when access is prohibited or restricted by law.
If there is a risk of harming another person’s life or body, or unjustly infringing another person’s property and other interests.
If it is likely to cause substantial interference to the operation of the service provider.
2)Customers may request the withdrawal of consent to the collection and usage of personal information, and request the deletion, or suspension of processing regarding such data. Contact the personal information manager, and appropriate actions shall be taken without delay following the identity verification process.
9. Data Collection of Children Under Age 14
In principle, the Company does not collect personal information of children under the age of 14 (hereinafter referred to as “Children”).
10. Technical and Administrative Protection of Personal Information
The Company has implemented the following technical and administrative measures to ensure security by preventing the loss, theft, leakage, tampering or damage of personal information.
1)Technical protection measures
a.Personal information is protected by a password, and critical data is protected with additional security functions such as encryption of files and transmitted data or using a file locking function.
b.The Company adopts a security system for the secure transmission of personal information over its networks.
c.In order to prevent the leakage of customers’ personal information by various intrusion methods (e.g., hacking), the Company installs its systems in a controlled area with restricted external access and use of intrusion-blocking devices.
2)Administrative protection measures
a.The Company has implemented a procedure for managing and accessing customers’ personal information, ensuring understanding and compliance among employees, and carrying out regular inspections on the compliance status.
b.The Company minimizes the number of employees who handle personal information and manages access authority, while providing training on compliance with laws and regulations. The employees who handle customers’ personal information are as follows:
Those in direct or indirect customer-facing roles
Those in charge of the management and protection of personal information including personal information manager or personal information officer
Other employees who unavoidably access personal information when carrying out work-related tasks
c.When hiring new employees, the Company prevents the leakage of information (including personal information) by employees by requiring them to sign a pledge of information security, while providing frequent reminders of obligations for personal information protection and implementing an internal procedure to audit their compliance.
d.The handover of responsibilities by a personal information handler is conducted while ensuring strict security and clearly-defined liability against cases of personal information infringement when joining or leaving the Company.
11. Duty of Notification
Notification Date: January 21, 2021