Privacy Policy of Kennyma Co., Ltd.
Privacy Policy of Kennyma Co., Ltd.
Kennyma Co., Ltd. (hereinafter referred to as the “Company”) values the personal information of data subjects (customers) and complies with the Act on Promotion of Information and Communications Network Utilization and Information Protection. Through this Privacy Policy, the Company informs customers of the purpose and manner in which the personal information provided is used, as well as the measures taken to protect such information.
If the Company revises this Privacy Policy, it will be announced via the website notice (or individual notice).
This Privacy Policy includes the following contents:
Items of personal information collected
Purpose of collecting and using personal information
Retention and usage period of personal information
Provision of personal information
Entrustment of collected personal information
Procedures and methods of destroying personal information
Technical and administrative measures for protecting personal information
Matters concerning installation and rejection of automatic personal information collection devices
Rights of users and legal representatives and methods of exercising them
Notification in case of personal information leakage
Customer service regarding personal information
Duty of notification
01. Items of Personal Information Collected
The Company collects the following personal information for inquiries and consultations:
Items collected: Name, email address, contact number, address, product information
Collection method: Website, mobile, customer center, call center system handled by employees
02. Purpose of Collecting and Using Personal Information
The Company uses the collected personal information solely for the purposes stated below and does not use it for any other purpose.
Identification and guidance when using customer inquiries
03. Retention and Usage Period of Personal Information
The Company destroys the personal information without delay once the purpose of collection and use is achieved.
04. Provision of Personal Information
The Company does not provide users’ personal information to external parties without prior consent, except in the following cases:
When the user has given prior consent
When obligated by relevant laws and regulations
05. Procedures and Methods of Destroying Personal Information
The Company destroys personal information without delay once the purpose of collection and use has been achieved.
Destruction procedure
Information entered for inquiries, etc., will be transferred to a separate database (or separate storage for paper documents), stored for a certain period according to internal policies and relevant laws, and then destroyed. Personal information transferred to the separate database will not be used for any purpose other than retention unless required by law.
Destruction method
Electronic files: Deleted safely using technical methods that prevent recovery or reproduction.
Printed materials: Destroyed by shredding or incineration.
06. Technical and Administrative Measures for Protecting Personal Information
The Company makes every effort to safely manage users’ personal information and protects it at levels above those required by the Information and Communications Network Act and the Personal Information Protection Act.
Key information legally required to be encrypted is encrypted and managed. Data transmitted between the homepage and PCs is also encrypted.
Systems are operated in facilities with restricted external access to prevent damage from computer viruses. Data is backed up regularly, and the latest antivirus software and security tools are used to prevent leaks or hacking.
Personal information handlers are kept to the minimum number required, and regular and ad hoc training on personal information protection is provided. Security pledges are signed by all employees to prevent information leakage in advance.
07. Matters Concerning Installation and Rejection of Automatic Personal Information Collection Devices
The Company does not operate devices such as cookies that automatically collect personal information when using Internet services.
08. Rights of Users and Legal Representatives and Methods of Exercising Them
Users and legal representatives may request to view, correct, delete, suspend processing, or withdraw consent for their personal information (or that of children under 14) at any time.
To view or modify personal information, users can request via the homepage, main phone number, or official email. After verification, viewing, correction, or withdrawal will be processed.
The Company may refuse requests in the following cases:
When viewing is prohibited or restricted by law
When it may harm another person’s life or body, or unfairly infringe upon another person’s property or interests
If a correction request is made, the relevant personal information will not be used or provided until the correction is completed. If the incorrect information has already been provided to a third party, the correction result will be immediately communicated to that third party.
Deleted personal information is processed in accordance with the “Retention and Usage Period of Personal Information” and cannot be viewed or used for any other purposes.
Users also have the obligation to protect their own personal information and not infringe on the personal information of others. Users should be careful to prevent leakage of their passwords or other personal information and should not harm the personal information of others (e.g., through posts). Violation of this duty may result in punishment under the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
09. Notification in Case of Personal Information Leakage
If the Company becomes aware that personal information has been leaked, it will notify the affected customer without delay of the following details and take necessary measures:
Leaked personal information items
Time and circumstances of the leak
Measures customers can take to minimize possible damage
Company’s countermeasures and remedies
Contact information of the responsible department for reporting and inquiries
If urgent action is required to prevent further spread of the leak, measures will be taken first, and notification will follow without delay.
If the scale of the leak exceeds the threshold specified by Presidential Decree, the Company will notify customers individually and also post the incident on the first screen of the homepage, customer center, and notices section in a clearly visible place for at least 30 days.
10. Customer Service Regarding Personal Information
The Company designates the following person as the Chief Privacy Officer to protect customers’ personal information and handle related complaints:
Chief Privacy Officer: CEO Seong-Gu Noh
Phone: +82-55-337-9927
Customers may report any complaints related to personal information protection to the Chief Privacy Officer or relevant department. The Company will respond promptly and sufficiently.
For dispute resolution or consultation on personal information infringement, customers may also contact:
Personal Information Infringement Reporting Center (privacy.kisa.or.kr / TEL: 1336)
Personal Information Dispute Mediation Committee (www.kopico.go.kr / TEL: 1833-6972)
Supreme Prosecutors’ Office Cyber Investigation Division (www.spo.go.kr / TEL: 1301)
National Police Agency Cyber Bureau (cyberbureau.police.go.kr / TEL: 182)
11. Duty of Notification
This Privacy Policy is effective from January 1, 2024.
Would you also like me to prepare a Japanese version of this privacy policy for your bilingual materials?