Privacy Policy (General)

 

Haewang Shipping (hereinafter, "the Company") has the following handling policy to protect the personal information and rights of the users in accordance with the Personal Information Protection Act and to ensure smooth processing of the users' needs and complaints related to personal information.

 

The Company will announce through the website's announcement (or individually notify) when revising the personal information handling policy.

 

1. Purpose of collection and use of personal information

 

The Company handles personal information for the following purposes. The handled personal information will not be used for any purpose other than the following purposes, and consent will be acquired in advance in the event of any change in the purpose of use.

 

A. Website membership subscription and management

We handle personal information to verify the intent to subscription for membership, identify and certify members, maintain and manage membership status, verify members following a restrictive self verification system, prevent unlawful use of services, and preserve records for all types of notices, grievances, and dispute resolution, among others.

 

B. Handling of complaints and affairs

We handle personal information for the purposes of verifying the identity of the complainant, verifying the matters of complaint, making contacts and notifying for the investigation of facts, and notifying the result of handling, among others.

 

C. Provision of goods or services

We handle personal information for the purposes of delivering goods, providing services, mailing out invoices, providing contents, providing customized services, personal authentication, age verification, bill payment, and settlement, among others.

 

D. Use in marketing and advertising

We handle personal information for the purposes of providing new service (product) development and customized services, providing events and advertising information and participation opportunities, providing services as per demographic characteristics, posting advertisements, validation of services, identification of access frequency or statistics concerning the members' use of services, among others.

 

2. Items of personal information collected and collection method

 

① Items collected

 

A. Items collected at the time of joining membership

- Required items: Name, gender, login ID, password, e-mail address, date of birth, address, and mobile phone number

- Optional items: Home number, consent to receive SMS, and consent to receive e-mails

- Purpose of collection: Securing of smooth communication channels such as forwarding of member identification and matters of notification, confirmation of own intent and handling of complaints, among others

 

B. Automatic Collection

- Connection IP information, cookies, service usage logs, and access logs, etc.

 

C. Other (events or marketing activities, etc.)

- Collected information: address, date of birth, phone number, mobile phone number, name, and e-mail address, etc.

- In the event of collecting personal information for the short term for any other purposes, it shall be separately notified and collected.

 

② Collection method

 

Personal information is collected in the following manners.

 

- Website (membership subscription), written form, phone, fax, consultation bulletin, event application, use of services, and revision of member information

 

3. Consent to the collection of personal information

 

By you clicking on the "Accept" button, you will be deemed by the Company to have agreed to the collection of personal information in regards to the Company's privacy policy or terms and conditions of use.

 

4. Matters concerning the installation, operation and refusal of automatic collection device for personal information

 

① We use 'cookies' to store the usage information and retrieve it frequently to provide customized services.

 

② A cookie is a small quantity of information sent by a server (http) used to operate a website to the user's computer browser and is also stored on the hard disk of the user's PC.

 

A. Purpose of use of the cookies: It is used to provide optimized information to the users by identifying the types of each service and website visited by the users, popular keyword for search, and security access, among others.

 

B. Installation, operation and refusal of cookies: You can refuse to store cookies by setting options in the 'Tools> Internet Options> Privacy' menu at the top of the web browser.

 

C. If you refuse to store cookies, you may experience difficulties in the use of customized services.

 

5. Handling and retention period for personal information

 

A. The Company handles and retains personal information within the period of retention and use of the personal information consented to at the time personal information is collected from the period of retention or use of personal information or information as per statutes.

 

 

B. Each personal information handling and retention period is destroyed when the purpose of collection or purpose of receipt is achieved as follows.

 

- Membership subscription information: when you withdraw or are removed from the membership

- When collected for temporary purposes such as questionnaire surveys and events, etc.: when questionnaire surveys and events, etc.. are completed

 

C. However, it shall be retained for a certain period of time if there is a need to retain it for a certain period of time due to the verification of the relationship between the rights and obligations of the transaction as follows in accordance with the Commercial Act and the Act on the Consumer Protection in Electronic Commerce, Etc.

 

- Records on contract or withdrawal of subscription: 5 years

- Records of consumer complaints or dispute handling: 3 years

 

6. Provision and sharing of personal information to and with third parties

 

The Company shall not use or provide the personal information of the users to any third party beyond the scope specified in the "Collected items of personal information and purpose of collection" and "Purpose of use of the personal information" except where there is a consent of the user or pursuant to the provisions of relevant laws and regulations. However, exceptions shall be applied in the following cases.

 

- Where users have agreed in advance.

- Where necessary for settlement of fees according to service provision.

- Where necessary for contract performance (product delivery / installation, and service work)

- Where there is a reason to believe that you must disclose customer information in order to take legal actions against any mental and physical damages incurred against others.

- Where necessary for statistics preparation, marketing analysis, or market research, and where it is provided in the form of an unidentifiable identification of a specific individual to an external institution or organization.

- Where there is a demand of investigative institution in accordance with the provisions of other relevant laws and regulations, or in accordance with the procedures and methods prescribed under laws and regulations for the purposes of investigation.

- Where it is significantly difficult to acquire conventional consent for economic / technical reasons as personal information required for the performance of the contract concerning the provision of services.

 

7. The users of the rights and obligations of the information subject and their exercising methods may exercise the following rights as the subject of personal information.

 

A. The information subject may exercise the privacy related rights against the Company at any time with respect to any of the following.

- Demand for the review of personal information

- Demand for correction in the event of error, etc.

- Demand for deletion

- Demand for the suspension of handling

 

B. The exercise of the rights pursuant to Paragraph (1) may be performed in writing, e-mail or fax according to the attached Form 8 of the Enforcement Rules of the Personal Information Protection Act.

 

C. If the information subject demands correction or deletion of an error of personal information, etc.. the Company will not use or provide the corresponding personal information until the correction or deletion is completed.

 

D. The exercise of rights pursuant to Paragraph (1) may be performed through an agent such as a legal representative or a delegated person of the information subject. In this event, a power of attorney according to the attached Form 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.

 

8. Destruction of personal information

If the purpose of handling personal information is accomplished, the Company shall in principle destroy the personal information without any delay. The procedures, deadlines and methods of destruction shall be as follows.

 

A. Destruction procedure

The information entered by the user is transferred to a separate DB after completion of the purpose (separate documents in the event of paper) and is stored for a certain period of time or immediately destroyed according to internal policies and other related laws and regulations. At this time, the personal information transferred to the DB will not be used for any other purposes unless required by the law.

 

B. Deadline for destruction

If the retention period for the personal information of the user has elapsed, that personal information shall be destroyed within 5 days from the date of expiration of the retention period, or within 5 days from the date recognized to be unnecessary for the handling of personal information when that personal information has become unnecessary such as achieving the purpose of handling personal information, closing of the corresponding service, and closing of business.

 

C. Destruction methods

For the information in the form of electronic files, a technical method which cannot reproduce records shall be used. Personal information printed on paper shall be shredded by a shredder or destroyed by incineration.

 

9. Measures to ensure the safety of personal information

The Company has taken the following technical, administrative and physical measures to ensure safety pursuant to Article 29 of the Personal Information Protection Act.

 

A. Minimization and training of the personal information handling staff

Employees handling personal information shall be designated and limited to the personnel in charge, and measures shall be taken to minimize personal information for management.

 

B. Implementation of periodic self audit

The Company conducts audits regularly on its own (once per quarter) to ensure the safety related to handling personal information.

 

C. Development and enforcement of internal control plan

The Company has developed and enforced an internal control plan for the safe handling of personal information.

 

D. Encryption of personal information

The user’s personal information is encrypted and stored and managed to ensure that only you have the knowledge of it, and important data are protected by employment of separate security functions, such as encrypting file and transmission data, or using the file lock function.

 

E. Technical measures against hacking, etc.

The Company installs security programs, regularly updates and examines the system to prevent leakage and damage of personal information caused by hacking or computer viruses, etc.. and also installs the system in an area where access from the outside is controlled and technically and physically monitors and blocks them.

 

F. Restricted access to personal information

The Company takes required measures to control access to personal information via granting, modifying, and cancelling access rights to the database system handling personal information, and also controls unauthorized access from the outside by using an intrusion prevention system.

 

G. Prevention of the storage, forgery and falsification of access logs

The Company maintains and manages the records of access to the personal information handling system for at least 6 months, and also uses security functions to ensure prevention against forgery, falsification, theft, and loss of access logs.

 

H. Use of locks for document security

The Company stores the documents including personal information and auxiliary storage media in a safe location equipped with lock devices.

 

I. Restricted access to unauthorized people

The Company has developed and operates an access control procedure for the physical storage in a location storing the personal information.

 

10. Privacy manager

 

A. The Company has designated a privacy manager as follows to ensure responsibility for supervising the business of handling personal information and handling complaints of information subjects in relation to the handling of the information and recovering damages, etc.

 

Name :

Position:

Department of affiliation:

Phone:

Fax:

E-mail :

 

B. The information subject may inquire on all personal information protection related complaints, complaint handling, and recovery of damages, etc. when using the Company's services (or business). The Company will respond and handle inquiries of the information subject without any delay.

 

11. Change of privacy policy

 

A. This privacy policy will enter into force and become effective from the date of enforcement, and in the event of any addition, deletion or correction of any changed details in accordance with the laws, regulations, and policies, the Company will make notification through public announcements from 7 days before the enforcement of the changed matters.