ESTsecurity (hereinafter referred to as “the Company”) complies with the relevant laws such as the ‘Act on the Promotion of Information and Communications Network Utilization’ and the ‘Personal Information Protection Act’ to protect users’ personal information
The Company sets and discloses this Privacy Policy so that users can easily check how the Company handles their personal information.
1. Types of personal information collected and its retention period
2. Use of collected personal information
3. Procedure and method for deleting personal information
4. Providing personal information to a third party
5. Provision and outsource of personal information
6. Rights of the users and their legal representatives and exercise of rights
7. Measures to secure personal information
8. Installation/operation and rejection of automatic personal information collection method
9. Collection, use, provision and rejection of behavioral information
10. Personal information manager and grievance department
11. Redressing Infringement of Rights
12. Obligation to notify before revision
1. Types of personal information collected and its retention period
As a part of service use, the Company collects the minimum personal information necessary to provide the following services..
[For using ESTsecurity website]
Service |
Type |
Retention Period |
Questions |
[individual customer] · (Optional) company type |
3 months |
|
Security newsletter subscription |
· (Required) email |
Deleted immediately when subscription is cancelled |
|
Events |
· (Required) contact |
Deleted immediately after achieving the purpose |
|
Seminar |
· (Required) full name, mobile number, company name, department, title, email, phone number of the company, area |
Deleted immediately after achieving the purpose |
[For using Threat Inside website]
Service |
Type |
Retention Period |
Questions |
· (Required) name of the person in charge, company or group name, email · (Optional) contact |
3 months |
|
Sign up |
· (Required) full name, email, password, contact, company or group name |
Deleted immediately after membership withdrawal |
|
Events |
· (Required) contact |
Deleted immediately after achieving the purpose |
[For using Dr.Capsule website]
Service |
Type |
Retention Period |
|
SNS quick sign up |
[Kakao Talk]
|
Deleted immediately after membership withdrawal |
Questions |
· (Required) email |
3 months |
Events |
· (Required) full name, contact |
Deleted immediately after achieving the purpose |
[For using reporting service]
Service |
Type |
Retention Period |
| Reporting through Dr.Capsule |
· (Required) email |
3 months |
Reporting through report application |
· (Required) email |
3 months |
Furthermore, following information may be automatically collected during service use.
· service use records, login logs, cookie, IP, MAC address, advertisement ID, unauthorized use records, customer inquiry records, and event participation records
If additional personal information should be collected, we will inform and obtain consent from the users about ‘collected personal information items, purpose of collection and use of personal information, and retention period of personal information’.
2. Use of collected personal information
The company uses the collected personal information for following purposes.
· Respond to customer inquiries, support, complaints
· Offering membership service
· Reply result for reporting
· Sending security letter
· Sending event prizes
· Quotation and introduction consultation
· Provide customized advertising information based on demographic characteristics and estimating users' interests, preferences, and tendencies
3. Procedure and method for deleting personal information
After achieving the purpose of collecting and using personal information or the retention period expires, the information is immediately deleted. However, if it is necessary to preserve it in accordance with the relevant laws and regulations, the company will keep it for a certain period.
· Records concerning the contract or subscription withdrawal, etc.: 5 years (Act on Consumer Protection in Electronic Commerce)
· Records concerning payment and supply of goods, etc.: 5 years (Act on Consumer Protection in Electronic Commerce)
· Records concerning consumer complaints or dispute settlement: 3 years (Act on Consumer Protection in Electronic Commerce)
· Records on display/advertisement: 6 months (Act on Consumer Protection in Electronic Commerce)
· Records on service visitation: 3 months (Communication Secret Protection Act)
Procedure for deletion
The company destroys personal information without a delay after the purpose of collection and use has been achieved or the retention period has expired. However, if it is necessary to preserve it in accordance with the relevant laws and regulations, the company will keep private information securely in isolated DB.
Method for deletion
In the case of personal information that has achieved the purpose of collection and use of personal information, it is deleted in a way that cannot be restored.
Paper documents such as printed or written documents are deleted by shredding or incineration, and electronic files are deleted using technical methods that cannot be restored or regenerated.
4. Providing personal information to a third party
The company uses the user's personal information only within the scope agreed upon in the collection and use of personal information. In principle, it will not be provided to third parties except in cases where there is a request from an investigation agency in accordance with the provisions of laws and regulations or in accordance with the procedures and methods stipulated by laws and regulations for investigation purposes.
Personal information may be provided to third parties in the following cases.
1) When users agree in advance
2) When there is a request from an investigation agency in accordance with the provisions of laws and regulations or in accordance with the procedures and methods stipulated by laws and regulations for the purpose of investigation
In order to provide smooth service, the company provides only the minimum necessary scope with the consent of the information subject in the following cases.
Recipient |
|
Purpose |
Purchase consultation, quotation and introduction inquiries |
Personal information type |
company or group name, name of the person in charge, email, contact, area |
Retention and use period |
Destroy after achieving the purpose of retention and use period |
5. Provision and outsource of personal information
The company outsources some services to provide better services.
consignee |
ESTsoft |
Outsourcing task |
· Customer support |
6. Rights of the users and their legal representatives and exercise of rights
Users can withdraw their consent to viewing, correction, deletion, collection and use of their personal information at any time.
For children under the age of 14, a legal representative has the right to view, correct, delete, collect, and withdraw consent to use of their child's personal information.
Users and their legal representatives can view, correct, delete, collect, and withdraw their consent to use of member information through inquiries on the website, and the company will take action without a delay upon when there is a request from users and their legal representatives. In addition, if there is a request for correction of personal information, the personal information will not be used or provided until the correction is completed.
7. Measures to secure personal information
The company takes the following technical, administrative and physical measures to ensure the safety of personal information.
1) Set and implement an internal management plan.
2) Implement regular training to employees for securing personal information.
3) Minimize the number of people who can access the personal information processing system, and fine access rights.
4) Transmits and receives through encrypted communication method.
5) Minimize the threat of hacking or malicious code by installing security programs.
6) Restrict access to personal information stored places such as server rooms and data storage rooms from unauthorized persons through access control.
8. Installation/operation and rejection of automatic personal information collection method
1) Cookie is a small record information file that is automatically installed on a user's computer or other device through a web browser when a user visits a website. The company may use cookies to provide customized advertising information to users.
Cookies may be used for following purposes.
· Offering advertising information
· Offering customized advertising information
· Offering customized service
Users can select the option to accept all cookies, check each time when cookie is saved, block third-party cookies, and block all cookies through the browser option.
However, if users choose to block all cookies, it may cause some inconvenience, as some functions might not work properly.
- How to set cookie options (example)
Microsoft Edge Browser
Web browser options (top right) > Settings > Cookies and site permissions > Cookies and stored data
Chrome
Web browser options (top right) > Settings > Privacy & security > Cookies and other site data
2) Weblog analysis
The company uses Google Analytics, a log analysis tool provided by Google for analyzing service usage statistics. We collect behavioral information of our service users through Google Analytics, and even in this case, only non-personal identifiable information is collected. If you want to stop web logs analyze, you can block them through the settings on the guide page below.
See how to turn off Google Analytics
9. Collection, use, provision and rejection of behavioral information
While using the service, the Company allows online-personalized advertisement providers to collect and process behavioral information in order to provide optimized online advertisements to information subjects.
· What is behavioral information?
Online users’ activity information such as website visit history, app usage history, purchase and search history that can identify and analyze users' interests, preferences, and tendencies.
· What is online personalized advertising?
Online advertisements customized to users after analyzing and estimating users' interests, preferences, and tendencies by processing behavioral information
|
Advertisers that collect and process behavioral information |
Google, Adpopcorn, Wider Planet, Enliple, Kakao, Coupang, Criteo, Pincrux |
Purpose of collecting behavioral information |
Providing personalized advertising services based on users' interests and preferences |
Types of collected behavioral information |
User’s website/app service visit history, activity log and search history, IP, device information (OS, screen size, device ID, advertisement ID) |
Method to collect behavioral information |
Collected automatically while service use |
Retention period of behavior information |
Retained and used for up to 13 months from the date of collection, and deleted without delay at the end of the period of use |
Users can block or allow personalized advertisements by changing the browser and mobile device settings.
· PC service (example)
Microsoft Edge Browser
Web browser options (top right) > Settings > Cookies and site permissions > Cookies and stored data
Chrome
Web browser options (top right) > Settings > Privacy & security > Cookies and other site data
· Mobile service (example)
Android: Settings > google > Ads > opt out of ad personalization
10. Personal information manager and grievance department
For inquiries and complaints regarding personal information, please contact us at the contact information below.
Chief Privacy Officer: ESRC Director
Responsible department for privacy: Threat Tracking Team
Contact for privacy related inquiry: 02-583-4620, privacy@estsecurity.com
For other questions about reporting or consulting on privacy violation, please contact the following institutions.
11. Redressing Infringement of Rights
The information subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency Personal Information Infringement Report Center in order to get redress from personal information infringement. In addition, for other personal information infringement reports and consultations, please contact the following organizations.
· Cyber Bureau, National Police Agency http://cyberbureau.police.go.kr / 182 without an exchange number
· Cybercrime Investigation Division Supreme Prosecutors’ Office http://www.spo.go.kr / 1301 without an exchange number
· Privacy Infringement Report Center (operated by KISA) http://privacy.kisa.or.kr / 118 without an exchange number
· Personal Information Dispute Mediation Committee (operated by KISA) / www.kopico.go.kr / 1833-6972
12. Obligation to notify before revision
If there are changes to laws or services, the privacy policy may be changed. If the privacy policy is changed, we will notify through a notice at least 7 days in advance.
However, when there is a significant change in user rights, such as change of types of personal information collected, purpose of use, provision to third parties, etc., we will notify the users at least 30 days in advance.
This privacy policy will be effective from December 5, 2022.
View previous privacy policy
