Privacy Policy
athome Corporation (hereinafter referred to as the "Company") complies with the [Personal Information Protection Act] and relevant laws to protect the freedom and rights of information subjects, and processes personal information legally and safely. Accordingly, in accordance with Article 30 of the [Personal Information Protection Act], the Company establishes and discloses the following privacy policy to guide the procedures and standards for processing personal information and to promptly and smoothly handle related complaints.
1. Purpose of Collecting and Using Personal Information
The Company collects and uses the minimum personal information for handling reports and inquiries (product/service, marketing partnership, investment) related to its business and for recruitment purposes. Detailed information on the processing of personal information for the services provided by the Company is guided on the service website's privacy policy for information subjects to confirm.
2. Items of Personal Information Collected and How to Collect Them
a. Personal information to be collected
| Category | Personal information to be collected | |
|---|---|---|
| Report (Ethical Management) | Required | Last name, given name |
| Optional items | Phone, email, Address | |
| Business (Partnership) Inquiries | Required | Last name, given name |
| Optional items | Phone, email, Address | |
| Recruitment | Required | Last name, given name |
| Optional items | Phone, email, applied position, resume/cover letter/portfolio details | |
b. How to collect personal information
The Company collects the minimum personal information online for business-related inquiries and recruitment. At this time, the Company provides a procedure for users to select "Agree" or "Disagree" to each content of the Company's personal information collection and use consent form.
3. Retention and Use Period of Personal Information
The Company, in principle, destroys users' personal information without delay once the purpose of collecting and using personal information is achieved. However, the following information is retained for the specified period for the following reasons
a. Internal Policy Grounds
<Recruitment Related>
- Upon final acceptance: Until resignation, but if there is a statutory obligation to preserve it, it will be retained for the relevant period according to labor laws, etc.
- Upon rejection: Immediate destruction
b. Legal Grounds
- Records of visits (logs): 3 months (Communications Secrets Protection Act)
- Other communication confirmation materials: 12 months (Communications Secrets Protection Act)
4. Provision of Personal Information to Third Parties
The Company uses users' personal information within the scope notified in the collection and use of personal information and, in principle, does not provide users' personal information to third parties. However, if the Company outsources the processing of personal information to third parties in the performance of its business (services), it will be posted on the service website about the details of the outsourced work and the trustees.
5. Procedures and Methods for the Destruction of Personal Information
Users' personal information is destroyed without delay once the purpose of collecting and using personal information is achieved as follows
a. Destruction Procedures
The Company promptly destroys personal information that has become unnecessary due to the expiration of the retention period or achievement of the processing purpose according to internal policies and relevant laws. If the personal information retention period consented by the information subject has elapsed or the processing purpose has been achieved, and the personal information must be preserved according to other laws, the relevant personal information is transferred to a separate database (DB) or stored in a different location.
b. Destruction Methods
- Personal information printed on paper: Shredded or incinerated
- Personal information stored in electronic file form: Deleted using technical methods that cannot reproduce the records
6. Rights of Users and Legal Representatives and Exercise Methods
a. Users and legal representatives can view or correct their own or their under-14-year-old children's personal information at any time and request deletion (withdrawal of consent).
b. The exercise of rights can be made in writing, email, or fax according to Article 41, Paragraph 1 of the [Personal Information Protection Act] Enforcement Decree, and the Company will take action without delay.
c. If a user requests correction of errors in personal information, the Company will not use or provide the personal information until the correction is completed. If incorrect personal information has already been provided to third parties, the Company will notify the third parties of the correction result without delay to ensure the correction is made.
d. Personal information terminated or deleted at the request of users or legal representatives is processed according to the "3. Retention and Use Period of Personal Information" and cannot be viewed or used for other purposes.
7. Operation of Cookies
The Company operates cookies to provide personalized and customized services by storing and retrieving users' information.
a. Purpose of Using Cookies
Analyzing users' access frequency and visit times, identifying users' preferences and interests, tracking users' activities, determining participation levels in various events and visit counts, and providing targeted marketing and customized services.
b. Installation/Operation of Cookies
Users have the option to set cookies. Users can set their web browser options to allow all cookies, go through confirmation each time a cookie is stored, or refuse to save all cookies.
c. Method to Reject Cookie Settings
Users can reject cookie settings by selecting options in their web browser. However, if users refuse to install cookies, there may be difficulties in providing services.
- Microsoft Edge: Click '…' at the top right > Settings > Cookies and site permissions
- Chrome Browser: Click '…' at the top right > Settings > Privacy and security > Cookies and other site data
- Naver Whale: Click '…' at the top right > Settings > Privacy
8. Technical and Managerial Measures for Personal Information Protection
a. The Company takes the following technical measures to ensure the safety of personal information
- Users' personal information is protected through encryption. However, even though the Company encrypts and protects users' personal information, there is a possibility of unintended loss, theft, or leakage in the process of using the internet in public places. Therefore, users should not disclose or lend their personal information to others and should manage their personal information responsibly to prevent unauthorized collection through social engineering methods such as phishing. The Company is not responsible for any personal information loss, theft, leakage, phishing, or disclosure due to users' negligence.
- Users' personal information is fundamentally protected by passwords, and important data is protected through separate security functions by encrypting files and transmission data.
- The Company uses antivirus software that automatically updates new information to prevent damage from computer viruses. The antivirus software operates 24 hours with personnel on duty to take protective measures. In case of virus infiltration, it automatically sends an alarm to the personnel and simultaneously automatically treats the virus.
- The Company adopts security devices (SSL or SET) that can safely transmit personal information over the network using encryption algorithms.
- The Company operates intrusion detection and intrusion prevention systems 24 hours a day to prevent users' personal information from being leaked due to hacking or network intrusion.
b. The Company recognizes the importance of protecting users' personal information and takes the following managerial measures to protect users' personal information
- The Company regularly conducts in-house and outsourced training for employees handling personal information on new security technologies and personal information protection obligations.
- The Company requires all new employees to submit a security pledge to prevent information leakage by people in advance, monitors the implementation of the privacy policy and compliance by employees, and takes corrective or necessary measures in case of violations.
- The Company does not mix personal information with general data and stores them separately through separate servers.
- The Company designates computer rooms and data storage rooms as special protection zones and controls access.
- The Company is not responsible for incidents caused by users' mistakes or the inherent risks of the internet. Users must properly manage their ID and password to protect their personal information and are responsible for this.
9. Chief Privacy Officer
The Company strives to provide users with safe information. The Company is responsible for accidents contrary to the matters notified to users about protecting personal information. However, the Company is not responsible for unexpected accidents due to basic network risks such as hacking despite technical supplements and various disputes caused by posts created by visitors. The person in charge of handling users' personal information is as follows and responds promptly and sincerely to personal information inquiries.
Chief Privacy Officer: Jeong-ho Yang
Phone : 1800-6307
Email : admin@athomecorp.com
10. Duty of Notification
a. Detailed information on personal information protection, including this privacy policy, is disclosed on the first screen of the service website for users to easily view at any time.
b. If there are significant changes, deletions, or additions to the privacy policy due to changes in laws, policies, or security technologies, the reasons and contents of the changes will be notified on the service website 7 days before the implementation of the revised privacy policy.
11. Remedy Methods for Rights Infringement
Users can report all personal information protection-related complaints arising from using the Company's services to the personal information management officer. The Company will promptly and sufficiently respond to users' reports. If users need to report or consult on other personal information infringements, they can contact the following organizations
■ Personal Information Infringement Report Center: (without area code) 118 (http://privacy.kisa.or.kr)
■ Personal Information Dispute Mediation Committee: 1833-6972 (http://kopico.go.kr)
■ Cyber Investigation Division of Supreme Prosecutors’ Office: (without area code) 1301 (http://spo.go.kr)
■ Cyber Security Bureau of National Police Agency: (without area code) 182 (http://cyberbureau.police.go.kr)
Addendum
This processing policy is effective from August 1, 2023.