Carbon T&C Co., Ltd. Privacy Policy (ver 1.0)
The privacy policy of Carbon T&C Co., Ltd. (hereinafter referred to as the "Company" or "Carbon T&C") contains the following contents:
#### 1. Items of Personal Information Collected and Collection Methods
**A. Items of Personal Information Collected**
First, the following information may be automatically collected during the website access or business process:
- IP Address, Cookies, Visit Date and Time, Service Usage Records, Misuse Records
**B. Methods of Collecting Personal Information**
The Company collects personal information through the following methods:
- Website, written forms, fax, phone, bulletin boards, email
#### 2. Purpose of Collecting and Using Personal Information
The Company utilizes the collected personal information for the following purposes:
- Online inquiries
#### 3. Sharing and Providing Personal Information
The Company uses personal information within the scope notified in "2. Purpose of Collecting and Using Personal Information" and does not disclose the user's personal information to third parties without prior consent from the user, except in the following cases:
- When the user has given prior consent to disclosure
- When required by law or requested by investigative authorities according to legal procedures and methods for investigative purposes
#### 4. Delegation of Personal Information Handling
The Company does not delegate the handling of personal information to third parties.
#### 5. Retention and Usage Period of Personal Information
The personal information of the user is, in principle, destroyed without delay once the purpose of collection and use has been achieved. However, the following information is retained for the specified period for the reasons stated below:
**A. Information Retained by Internal Policy**
- Personal information of resigned employees registered in HR: retained for 30 years considering possible re-employment
- Information registered for open recruitment (website registration): retained for 3 years
- Information registered for inquiries (website registration): retained for 5 years
**B. Information Retained by Relevant Laws**
First, records of identity verification:
Retention reason: Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
Retention period: 6 months
Second, website visit records:
Retention reason: Protection of Communications Secrets Act
Retention period: 3 months
#### 6. Procedures and Methods for Destroying Personal Information
The personal information of users is, in principle, destroyed without delay once the purpose of collection and use has been achieved. The Company's procedures and methods for destroying personal information are as follows:
**A. Destruction Procedures**
- Information entered by the user for membership registration, etc., is moved to a separate database (or separate document storage in the case of paper) after the purpose is achieved and is stored for a certain period according to internal policies and other related laws (refer to retention and usage period) before being destroyed.
**B. Destruction Methods**
- Personal information printed on paper is destroyed by shredding or incineration.
- Personal information stored in electronic file formats is deleted using technical methods that prevent the recovery of the record.
#### 7. Rights of Data Subjects and Legal Representatives and How to Exercise Them
- Data subjects can view or modify their personal information at any time and request deletion. (Requests can be made to the personal information management officer in writing, by phone, or by email, and the Company will take action without delay.)
- When a data subject requests correction of errors in their personal information, the Company will not use or provide the personal information until the correction is completed. If incorrect personal information has already been provided to a third party, the Company will notify the third party of the correction result without delay so that the correction can be made.
- Personal information that is canceled or deleted at the request of the data subject or legal representative is processed according to the provisions in "5. Retention and Usage Period of Personal Information" and is handled in a way that prevents access or use for any other purpose.
#### 8. Matters Concerning the Installation/Operation and Rejection of Automatic Personal Information Collection Devices
The Company uses cookies, which are small text files sent by the server used to operate the website, to store and retrieve user information. These cookies are stored on the user's computer's hard disk.
**A. Purpose of Using Cookies**
- Cookies are used to identify the usage patterns of the Company’s services and websites visited by users, to identify secure access, and to optimize the information provided to users.
**B. Installation/Operation and Rejection of Cookies**
- Users have the option to accept or reject cookie installation. Users can set options in their web browsers to accept all cookies, be prompted each time cookies are saved, or reject all cookies.
- How to set cookie acceptance (for Internet Explorer):
1. Select [Tools] menu and then [Internet Options].
2. Click the [Privacy] tab.
3. Adjust the privacy settings as desired.
#### 9. Technical and Managerial Measures for the Protection of Personal Information
The Company takes the following technical and managerial measures to ensure the safety of personal information and to prevent it from being lost, stolen, leaked, altered, or damaged.
**A. Countermeasures Against Hacking, etc.**
- The Company takes all possible measures to prevent personal information from being leaked or damaged by hacking or viruses. Data is backed up frequently, and the latest antivirus programs are used to prevent personal information or data from being leaked or damaged. Unauthorized access from outside is controlled using an intrusion prevention system, and the Company is committed to equipping the system with all available technical devices to ensure security.
**B. Minimization and Training of Personnel Handling Personal Information**
- The Company limits the number of personnel handling personal information to those directly responsible and maintains a security pledge. The Company emphasizes compliance with the privacy policy by regularly training personnel.
**C. Operation of a Dedicated Privacy Protection Organization**
- The Company operates an internal organization dedicated to privacy protection to monitor compliance with the privacy policy and address any issues immediately. The Company is not responsible for problems caused by the user's negligence or issues related to the internet that lead to the disclosure of personal information such as resident registration numbers.
#### 10. Contact Information of the Personal Information Management Officer and Representative
If you have any complaints or inquiries regarding the protection of personal information arising from the use of the Company's services, please report them to the personal information management officer or the relevant department. The Company will promptly provide sufficient answers to user inquiries.
**Personal Information Management Officer**
- Person in Charge:
- Phone:+82) 2-855-1685 (302)
**Personal Information Management Representative**
- Person in Charge:
- Phone:+82) 2-855-1685 (302)
If you need to report or consult about a personal information violation, please contact the following organizations:
- Korea Information Security Agency (KISA) (www.eprivacy.or.kr / +82) 2-580-0533~4)
- Supreme Prosecutors' Office, Cyber Crime Investigation Department (www.spo.go.kr / +82) 2-3480-2000)
#### 11. Miscellaneous
Please note that this "Carbon T&C Privacy Policy" does not apply to the collection of personal information by websites linked to Carbon T&C.
#### 12. Obligation to Notify
If there are any additions, deletions, or modifications to this privacy policy, they will be notified through a 'popup' on the website at least 7 days before the changes take effect.
- Notification Effective Date: 2022