The Yeolsimhi Co., Ltd. (hereinafter referred to as the “Company”) values the personal information of users of the 10minds service operated by the Company (hereinafter referred to as the “Service”). The Company complies with the personal information protection requirements prescribed under applicable laws and regulations, including the Act on Promotion of Information and Communications Network Utilization and Information Protection (hereinafter referred to as the “Information and Communications Network Act”) and the Personal Information Protection Act, as well as guidelines established by the Personal Information Protection Commission and other relevant authorities.
When collecting, using, or providing users’ personal information, the Company informs users of the relevant details in advance and obtains their consent. If a user does not consent, the Company will not collect, use, or provide the user’s personal information. However, refusal to consent may restrict the user’s access to all or part of the Service.
Through this Privacy Policy, the Company intends to explain how and for what purposes the personal information provided by users is processed and to inform users of the Company’s ongoing efforts to protect such information.
This Privacy Policy takes effect on July 1, 2024. (Privacy Policy Version: 10minds-24-01)
The Company collects only the minimum amount of information necessary at the time it is required. The Company classifies the personal information it collects into required information necessary for providing basic services, including membership registration, customer support, and other services, and optional information necessary for providing customized services, as described below.
A “Member” means a user who has registered for membership by providing personal information to the Company. A “Non-member” means a user who uses the services provided by the Company without registering as a member on the Company’s website.
Collection and Use of Personal Information (Required)
| Category | Purpose | Items Collected | Retention Period |
|---|---|---|---|
| Required Information | Use of membership services / identity verification | Name, user ID, password, email address, mobile phone number |
Immediately upon membership withdrawal |
| ID/password recovery, handling inquiries and complaints related to the use of the Service, providing notices, and confirming contact information for product delivery |
Name, user ID, email address, mobile phone number |
Until membership withdrawal (however, the user ID is retained permanently) ※ The user ID is retained permanently to prevent re-registration using the same user ID. |
Collection and Use of Personal Information (Optional)
| Category | Purpose | Items Collected | Retention Period |
|---|---|---|---|
| Optional Information | Use of membership services / identity verification | Date of birth | Immediately upon membership withdrawal |
| Marketing activities (events, customized advertising) | Email address, mobile phone number, cookie information |
Immediately upon membership withdrawal | |
| Delivery of promotional information concerning the Company and its business partners, provision of customized services, and marketing activities |
Name, email address, mobile phone number |
Until membership withdrawal, withdrawal of consent, or expiration of the retention period prescribed by applicable laws |
|
| [Nose Metal Care Registrants] Extension of the free warranty period by one year, verification of successful registration, and provision of telephone-based care services |
Name, mobile phone number, product serial number, Nose Metal Care service registration number |
Until one year after the free warranty period for the registered product expires | |
| [Nose Metal Care Registrants] Receipt by telephone or text message of marketing information and customized benefit information concerning products and services offered by the Company or its business partners |
Name, mobile phone number, product serial number, Nose Metal Care service registration number |
Until one year after the free warranty period for the registered product expires, or until consent is withdrawn |
※ The Company may collect information through cookies, pixel tags, and similar technologies, including: users’ interactions with this site or the Company’s advertisements; the time at which users visit the Company’s website; products added to users’ shopping carts and whether users purchased any of the products added to their carts; whether users opened emails sent by the Company (including the time such emails were opened and whether links included in the emails were clicked); and other websites visited after users leave the Company’s website. The collected information may be used to provide customized advertisements on the Company’s website or other websites, provide customized email marketing based on users’ preferences or website usage history, determine whether users revisit the website, track products placed in users’ shopping carts, and measure the effectiveness of the Company’s advertisements.
Users may use the Service without providing optional information. The Company does not collect sensitive personal information that may infringe upon users’ fundamental rights, including information concerning race, ideology, beliefs, political opinions, criminal records, or medical information.
- Member Information Collected and Used Pursuant to Applicable Laws
| Information Retained | Retention Period | Legal Basis |
|---|---|---|
| Personal information related to the use of the Service (service usage records, access logs, IP address information) | 3 months | Protection of Communications Secrets Act |
| Records concerning labeling and advertising | 6 months | Act on the Consumer Protection in Electronic Commerce |
| Records concerning contracts or withdrawal of offers | 5 years | Act on the Consumer Protection in Electronic Commerce |
| Records concerning payment and supply of goods or services | 5 years | Act on the Consumer Protection in Electronic Commerce |
| Records concerning consumer complaints or dispute resolution | 3 years | Act on the Consumer Protection in Electronic Commerce |
In principle, the Company destroys personal information without delay once the purpose for which the information was collected and used has been fulfilled. The procedures and methods for destruction are as follows.
- Personal information stored in electronic file format, including information entered into databases, is permanently deleted using technical methods that prevent the information from being restored or reproduced; personal information printed on paper or recorded in documents is destroyed using a paper shredder.
- However, where personal information must be retained for a certain period pursuant to the Company’s internal management plan or other applicable laws (as described in “1. Collection and Use of Personal Information”), the information will be stored for the required period and destroyed thereafter.
The Company uses users’ personal information only within the scope described in “1. Collection and Use of Personal Information,” and, in principle, does not use it beyond that scope or provide it to an external party without the user’s prior consent.
- However, personal information may be provided without separate consent where required by applicable laws, or where an investigative authority requests such information for investigative purposes in accordance with the procedures and methods prescribed by law, including through the issuance of a warrant.
To ensure efficient business operations, including the handling of user inquiries and complaints, the Company entrusts certain personal information processing activities to external service providers as set forth below.
When entering into an outsourcing agreement, the Company clearly specifies matters concerning compliance with personal information protection laws, prohibition of unauthorized provision of personal information to third parties, and liability in the event of an incident, and retains such agreements in written or electronic form. If an entrusted service provider changes, the Company will notify users of the change through a notice or an update to this Privacy Policy.
|
Users may access or correct their personal information at any time. In particular, Members may access and correct their personal information at any time through the “Edit Profile” menu on the Company’s website, and the Company takes various measures to make it easy for users to access and correct their personal information. If a user wishes to access or correct their personal information, they may contact the Customer Center (1668-2457) or contact the Chief Privacy Officer in writing, by telephone, or by email, and the Company will take action without delay.
Users may request access to or correction of the following information:
" Personal information held by the Company
" Records concerning the Company’s use of the user’s personal information or provision of such information to third parties
" Records concerning the user’s consent to the collection, use, or provision of personal information
If a user requests correction of an error in their personal information, the Company will not use or provide the relevant personal information until the correction has been completed. If inaccurate personal information has already been provided to a third party, the Company will notify the third party of the correction without delay so that the information may be corrected accordingly.
However, even where the Company receives a request from a user to correct an error in their personal information, the Company may be unable to take action in the following cases. The Company will notify the user of the reason it cannot take action.
" Where there is a significant risk of harm to the life, property, physical safety, or rights and interests of the user or a third party
" Where there is a significant risk of substantial disruption to the Company’s operations
" Where doing so would violate other applicable laws
Even in such cases, the Company will not use or provide the relevant personal information until the correction of the error has been completed.
Users may withdraw, at any time, their consent to membership registration and to the collection, use, and provision of personal information. The Company takes various measures to make it easy for users to withdraw consent. To withdraw consent, contact the inquiry phone number displayed on the Company’s website (1668-2457), or contact the Chief Privacy Officer or the Customer Center in writing, by telephone, or by email, and the Company will take necessary action, such as deletion of the personal information, without delay. Personal information canceled or deleted at the user’s request is processed as set out in “2. Procedures and Methods for Destruction of Personal Information” and is handled so that it cannot be accessed or used for any other purpose. If incorrect personal information has already been provided to a business partner, the Company will notify the business partner without delay and take necessary action, such as deletion of the information.
A cookie is a very small text file sent to a user’s computer by the server operating a website, and is stored on the user’s computer hard disk. Users may therefore choose for themselves whether to allow the installation and collection of cookies, and may refuse to allow them. However, refusing to store cookies may restrict the use of some services that require login.
-Internet Explorer: Select Tools from the browser menu > Internet Options > Privacy tab > configure the settings manually.
- Chrome: Select Settings in the upper-right corner of the web browser > select the Advanced button at the bottom of the Settings screen > select the Content Settings button under the Privacy and Security section > configure the settings directly under the Cookies section.
In processing users’ personal information, the Company implements the following technical and administrative measures to ensure stability so that personal information is not lost, stolen, leaked, altered, or damaged.
Important personal information, including users’ passwords, is encrypted and stored using a database encryption solution. Data on the Company’s internal PCs is managed using encryption solutions, and transmitted data is also protected through separate security measures, such as encryption or file-locking functions.
To prevent users’ personal information from being leaked or damaged due to hacking or computer viruses, the Company installs its systems in areas where external access is controlled, and operates firewalls, intrusion prevention systems (IPS), and web application firewalls on a 24-hour basis. The Company periodically updates the operating systems and antivirus programs installed on its internal PCs, and manages password creation methods and change cycles in accordance with relevant standards.
The Company systematically manages the granting, modification, and revocation of access rights to the database systems used for processing personal information through a database access control system, and takes other necessary measures to control access to personal information. Computers used by personnel who are authorized to download or destroy personal information, or to configure access rights to the personal information processing system, are operated through physical network separation. When personnel access the personal information processing system and process personal information, the Company records the access date/time and details of the processing performed, and separately backs up and retains such access records.
The Company regularly provides training on new security threats and personal information protection systems to personnel responsible for handling personal information and to all employees.
User account passwords are encrypted and stored in a non-reversible format and are managed securely.
The Company has designated a Chief Privacy Officer as set out below to protect users’ personal information and handle complaints related to personal information, and separately operates a Customer Center.
Users may report any personal information protection-related complaint arising from the use of the Company’s services to the Chief Privacy Officer, the person responsible for personal information management, or the Customer Center. The Company will provide prompt and sufficient responses to users’ reports.
| [Chief Privacy Officer] | [Customer Center] |
|---|---|
|
|
If you need to file a report or seek consultation regarding any other infringement of personal information, please contact the following organizations:
" Reporting and Consultation Information for Other Personal Information Infringements
| Personal Information Infringement Report Center | 118 (without an area code) | http://privacy.kisa.or.kr |
| Cyber Investigation Department, Supreme Prosecutors’ Office | 1301 (without an area code) | http://www.spo.go.kr |
| Cyber Bureau, Korean National Police Agency | 182 (without an area code) | http://ecrm.cyber.go.kr |
| Personal Information Dispute Mediation Committee | 1833-6972 | http://www.kopico.go.kr |
If this Privacy Policy is added to, deleted, or amended due to changes in applicable laws, policies, or security technologies, the Company will notify users without delay through a notice on the website, email, or other appropriate means.