'OneMoreSecurity Inc' (hereinafter referred to as “Company”), which provides the 'OMPASS' service, strives to protect users’ personal information and complies with the relevant laws such as Act on promotion of Information and Communications Network Utilization and Information Protection, Etc. and the Personal Information Protection Act. The Company discloses this Privacy Policy pursuant to the relevant laws so that users can easily check how the Company handles their personal information.
The contents of this Privacy Policy are as follows:
Purpose of collecting and using personal information
Types of personal information collected
Method of collecting personal information
Providing personal information to third parties
Retention and use period of personal information
Procedure and method for destroying personal information
Rights of the users and their legal representatives and exercise of rights
Measures to secure personal information
Installation and operation of programs that automatically collect personal information and rejection of such programs
Personal information manager and grievance department
1. Purpose of collecting and using personal information
The Company collects and uses personal information to provide services for OMPASS admin website and OMPASS app, to identify and authenticate persons for membership-based services, to prevent the illegal use of services, to secure contact for customer support, to process complaints, to analyze members’ use of services statistically, to provide advertising information, and to provide services specific to statistical characteristics.
2. Types of personal information collected
❶
Information collected for membership sign up under agreement by administrators includes last name, first name, email, phone number, country code, and company (organization) name.
-
❷
Information collected for registration of sub-administrators by administrators includes last name, first name, email, phone number, and country code.
-
❸
Information collected automatically for activities of administrators and sub-administrators includes OMPASS log, policy log, login time, cookie, and access IP information.
-
❹
Information collected automatically for activities of users includes User ID, application name, authentication, login time, cookie, and access IP information.
-
❺
-
3. Methods of collecting personal information
Personal information is collected during the membership service sign-up process, service use, phone consultation, email consultation, service inquiry, and quotation inquiry.
4. Providing personal information to a third party
None
5. Retention and use period of personal information
❶
Information retention according to policy of the Company
-
The Company retains the information provided by administrator, sub administrator, and user from the time of registration to the time of membership withdrawal.
-
In the case of services other than membership, after achieving the purpose of using personal information, the information is immediately destroyed or retained according to the indicated retain period for each service.
❷
Information retention according to relevant laws and regulations If there is a need to preserve personal information according to the provisions in laws such as the Commercial Act, however, the Company retains such in accordance with the laws and regulation.
-
Records concerning the contract or subscription withdrawal, etc.:5 years
-
Records concerning payment and supply of goods, etc.:5 years
-
Records concerning consumer complaints or dispute settlement:3 years
6. Procedure and method for destroying personal information
After achieving the purpose of collecting and using personal information or the retention period expires, the information is immediately destroyed. The procedure and method for destruction are as below.
❶
Procedure for destroying personal information Collected personal information is immediately destroyed after achieving the purpose of collecting or the retention period expires. If there is a need to preserve personal information according to relevant laws and regulations, the information is moved to and stored in a separate DB and destroyed after the retention period expires.
❷
Method for destroying personal information Collected personal information is immediately destroyed after achieving the purpose of collecting or the retention period expires. If there is a need to preserve personal information according to relevant laws and regulations, the information is moved to and stored in a separate DB and destroyed after the retention period expires.
-
Personal information printed on a paper is destroyed with a shredder.
-
Personal information saved in electronic file format is destroyed using a technical method that does not allow regeneration.
7. Rights of the users and their legal representatives and exercise of rights
The user can withdraw his/her consent to the use of the provided personal information by requesting cancellation of the service. The Company performs the necessary action immediately when there is a request for withdrawal of consent, access, or modification and refrains from using the information until the information is corrected when there is a request for information modification in particular. Any complaints related to privacy protection arose while using the OMPASS service can be sent to the contact provided in this Privacy Policy document.
8. Measures to secure personal information
The Company takes following administrative, technical, and physical measures to ensure safety when processing personal information.
-
Administrative measures:Establishing and implementing internal management plans, regular training on personal information protection for employees, etc.
-
Technical measures:Management of access permission to personal information processing system, installation of encrypt and security programs, etc.
-
Physical countermeasures:Access control to the storage for personal information such as server room and data storage room, etc.
9. Installation and operation of programs that automatically collect personal information and rejection of such programs
The Company uses cookies to provide personalized services to users. As the data file sent by the HTTP server to the user’s browser and stored in the user’s device, a cookie may contain information on the websites used by the user and personal information of the user. Users can choose to accept all cookies, receive a notification when a cookie is installed, or reject all cookies by adjusting the options of the Internet web browser.
10. Personal information manager
Chief Privacy Manager:Nury Kang Contact for privacy related inquiries:070-4298-3070, partner@omsecurity.kr If you have any questions about your personal information, please contact us anytime. For other questions about reporting or consulting on privacy violation, please contact the following institutions in South Korea:
-
Cyber Bureau, National Police Agency https://cyberbureau.police.go.kr/ Call +82-182