1. Purpose of Processing Personal Information
2. Processing and Retention Period of Personal Information
① ‘Oraora’ processes and retains personal information within the personal information retention and usage period agreed upon when collecting personal information from the information subject or within the period stipulated by laws and regulations.
② Specific personal information processing and retention periods are as follows:
3. Rights and Obligations of the Information Subject and Legal Representatives, and Methods of Exercising Them
Users can exercise the following rights as personal information subjects.
① The information subject can exercise the following personal information protection rights at any time with respect to ‘Oraora’:
4. Items of Personal Information Being Processed
① ‘Oraora’ processes the following personal information items.
■ When registering as a member (Member)
■ When making a customer inquiry (Non-member)
■ When using the service
② ‘Oraora’ does not collect personal information from children under the age of 14 by allowing only those aged 14 and older to sign up for membership.
5. Destruction of Personal Information
‘Oraora’ will destroy the personal information without delay when the purpose of processing personal information is achieved. The procedures, deadlines, and methods of destruction are as follows.
Destruction procedure The information entered by the user is transferred to a separate DB (in the case of paper, a separate document) after the purpose is achieved and stored for a certain period according to internal policies and other related laws before being destroyed. The personal information transferred to the DB will not be used for any other purpose unless required by law.
Destruction deadline The personal information of users will be destroyed within 5 days from the end of the retention period if the retention period has elapsed. If the personal information becomes unnecessary, such as achieving the processing purpose, discontinuation of the service, or termination of the business, the personal information will be destroyed within 5 days from the date it is deemed unnecessary.
6. Matters Concerning the Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
① ‘Oraora’ uses ‘cookies’ to store and retrieve usage information from time to time to provide personalized services.
② Cookies are small pieces of information that the server (https) uses to operate the website and sends to the user’s computer browser. It may also be stored on the hard disk of the user's PC computer.
a. Purpose of using cookies: Cookies are used to provide optimized information to users by identifying the visit and usage patterns of each service and website visited by the user, popular search terms, secure connections, etc. b. Installation, operation, and rejection of cookies: You can refuse to save cookies by setting the options in the Privacy menu of the Tools > Internet Options on the top of the web browser. c. If you refuse to store cookies, you may have difficulty using personalized services.
7. Personal Information Protection Officer
① ‘Oraora’ is responsible for the overall management of personal information processing tasks and designates the following personal information protection officer to handle complaints and remedy damages related to personal information processing.
▶ Personal Information Protection Officer Name: Wonbeom Lee Position: CEO Contact: 010-2493-6645 [email protected] ※ Connected to the Personal Information Protection Department.
▶ Personal Information Protection Department Department Name: Service Team Contact: 010-2493-6645 [email protected] ※ Connected to the Personal Information Protection Department.
② For any inquiries, complaints, or damage relief regarding personal information protection that occur while using ‘Oraora’s services, you can contact the personal information protection officer and the relevant department. ‘Oraora’ will respond and handle inquiries without delay.
8. Changes to the Privacy Policy
① This Privacy Policy applies from the effective date. If there are any additions, deletions, or corrections to the changes according to laws and policies, they will be notified through the announcement at least 7 days before the changes take effect.
9. Measures to Ensure the Safety of Personal Information
‘Oraora’ takes the following technical, managerial, and physical measures necessary to ensure safety as prescribed in Article 29 of the Personal Information Protection Act.
① Minimization and training of personnel handling personal information We are implementing measures to manage personal information by designating and limiting the number of employees handling personal information to the minimum necessary.
② Technical measures against hacking ‘Oraora’ installs security programs and regularly updates and checks them to prevent personal information from being leaked or damaged by hacking or computer viruses. Systems are installed in areas where access from the outside is controlled, and technical and physical monitoring and blocking are carried out.
③ Encryption of personal information The user’s personal information is encrypted and stored and managed so that only the user knows, and important data uses separate security functions such as encrypting files and transmission data or using file lock functions.
④ Storage and prevention of forgery and alteration of access records Records of access to the personal information processing system are kept and managed for at least six months. Security functions are used to prevent access records from being forged, altered, stolen, or lost.
⑤ Restriction of access to personal information Necessary measures are taken to control access to personal information through granting, changing, and deleting access rights to the database system that processes personal information. Unauthorized access from the outside is controlled using an intrusion prevention system.
10. Remedies for Infringement of Rights
The following institutions are separate from Coretrend, and if you are not satisfied with ‘Oraora’s own personal information complaints handling and damage relief results, or if you need more detailed help, please contact them.
▶ Personal Information Infringement Report Center (operated by the Korea Internet & Security Agency)
▶ Personal Information Dispute Mediation Committee
▶ Supreme Prosecutors' Office Cybercrime Investigation Division: 02-3480-3573 (www.spo.go.kr)
▶ Cyber Safety Bureau of the National Police Agency: 182 (http://cyberbureau.police.go.kr)
