Centero

Privacy Policy

Article 1 Personal Information Collection Items and Purpose of Use

1.The Company collects and uses personal information for the following purposes. The personal information being processed is not used for purposes other than the following purposes, and if the purpose of use is changed, necessary measures such as obtaining separate consent from the subject of personal information in accordance with Article 18 of the Personal Information Protection Act shall be implemented.

Type	Required Information
Items to be collected	ID, password, name, affiliation (company), company e-mail, company phone number, company address
Purpose of Use	Identification of users, communication to notify of business processing results, processing requirements for the use of the system, analysis of the use of the system, prevention of illegal and fraudulent use.
Period of Retention	Until membership withdrawal

2.The following information may be automatically generated or additionally collected in the process of using the service or business processing, and the Company may collect and use them within the scope of the processing purpose described in Paragraph 1.
- IP address, access log, cookie, service use record, bad use record
3.In principle, the Company provides the services only to the users over the age of 14.

Article 2 Personal Information Processing and Retention Period

1.The Company processes and retains personal information within the period of retention and use of personal information agreed upon when collecting personal information from the information subject.

2.Notwithstanding Paragraph 1, if there is a need to preserve in accordance with the relevant laws and regulations, the Company may retain personal information for the period stipulated by the relevant laws and regulations, and the retention period is as follows.

Relevant Laws	Personal Information	Storage Period
Act on Consumer Protection in E-Commerce, Etc.	Records on contract or subscription withdrawal	5 years
	Records on payment and supply of goods	5 years
	Records on handling consumer complaints or disputes	3 years
	Records on marks and advertisement	6 months
The Framework Act on National Taxes	Books and supporting documents for transactions	5 years
The Protection of Communications Secrets Act	Records on visits, such as log records, etc.	3 months

Article 3 Provision of Personal Information to Third Parties

The Company shall process the personal information of the information subject only within the scope of the purpose of processing specified in Article 1, and the personal information is provided to third parties only in such cases as the consent of the information subject or special provisions of the law in accordance with Articles 17 and 18 of the Personal Information Protection Act. In other cases, the personal information of the information subject will not be provided to third parties.

Article 4 Consignment of Personal Information Processing

1.The Company consigns the personal information processing tasks as follows for smooth personal information processing.

Person entrusted with(Consignee)	SK Shieldus Inc.
Contents of Consigned Work	Customer consultation and complaint handling Firewall, intrusion detection, vaccine SW service operation
Period of Retention and Use	Until the end of consignment

2.In accordance with Article 26 of the Personal Information Protection Act, when concluding a consignment contract, the Company specifies such provisions in written documents including contracts as prohibition of processing of personal information other than for the purpose of performing consignment work, technical and managerial protection measures, the purpose and scope of consignment work, restrictions on re-consignment, measures to ensure safety of personal information, management and supervision over the consignees, responsibilities such as compensation for damages, and supervise whether the consignees handle personal information safely.
3.If the contents of the consignment work or the consignee is changed, such will be disclosed without delay through this privacy policy.

Article 5 Procedures and Methods for Destruction of Personal Information
1. 1.The Company shall destroy the personal information without delay when the personal information becomes unnecessary, such as when the retention period of personal information has elapsed or the purpose of processing has been achieved.
2. 2.In the event that the personal information needs to be kept in accordance with other laws even if the personal information retention period agreed by the information subject has elapsed or the purpose of processing has been achieved, the Company shall move the personal information to a separate database or place them in a separate storage location.
3. 3.For users who have not used the Centero service for one year, the Company switches the account to a dormant account, separates and safely stores personal information, and the separated personal information is stored for one year and then destroyed without delay.
4. 4.The Company's personal information destruction procedures and methods are as follows.
  1. A.Destruction Procedure
    
    The Company shall select the personal information for which the reasons for destruction occur, and destroy the personal information with the approval of the Company's personal information protection officer.
  2. B.Destruction Method
    
    Personal information printed on paper shall be shredded with a shredder or destroyed through incineration.
    
    Personal information recorded and stored in the form of an electronic file will be deleted using a technical method that makes it impossible to reproduce the record.
Article 6 Rights and Obligations of Information Subjects and Method of Exercising
1. 1.The information subject can exercise the following personal information protection rights against the Company at any time.
  1. A.Request to view personal information
  2. B.Request for correction in case of errors, etc.
  3. C.Request for deletion
  4. D.Request to stop processing
2. 2.The exercise of rights can be made to the Company in writing, e-mail, fax, etc., and the Company shall take action without delay.
3. 3.Rights can be exercised through an agent such as a legal representative of the information subject or a person who has been delegated. In this case, a power of attorney in the form of Attachment No. 11 of the "Notice for Personal Information Processing Method (No. 2020-7) must be submitted".
4. 4.The rights of the information subject may be restricted to request access to and suspension of processing of personal information in accordance with Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.
5. 5.The request for correction and deletion of personal information cannot be made if the relevant personal information is specified as a collection target in other laws.
6. 6.The Company shall confirm whether the person, who made the request, such as a request for viewing, correction, deletion, or suspension of processing according to the rights of the information subject, is the person him- or herself, or a legitimate agent.
Article 7 Matters concerning installation, operation, and rejection of automatic personal information collection device
1. 1.The Company uses "cookies" that store and retrieve users' information from time to time to provide customized services tailored to users.
2. 2.A cookie is a small amount of information that the server (HTTP) used to operate the website sends to the user's computer browser, and my be also stored on the hard disk of the user's PC computer. However, users have the option to install cookies, and by setting options in the web browser, users can accept all cookies, check each time when a cookie is saved, or refuse to save all cookies. However, if users refuse to store cookies, there may be restrictions on the use of this service.
3. 3.Cookies are used to provide optimized information to users by identifying the purpose of their visit.
4. 4.The method of refusing to store cookies is as follows.
  1. A.For Internet Explorer
    
    “Tools” menu at the top of the web browser > “Internet Options” > “Privacy” tab > Custom settings
  2. B.For Chrome
    
    Select the icon in the upper right corner of your web browser > Select “Settings” > Select “Show advanced settings” at the bottom of the screen > “Content Settings” button in the Privacy section > Set directly in the Cookies section
Article 8 Measures to ensure the safety of personal information
The Company prepares and applies the following technical/administrative measures to ensure safety so that personal information is not lost, stolen, leaked, altered or damaged in handling personal information of information subjects.
1. 1.Password encryption
  - Password is stored and managed after being encrypted.
2. 2.Countermeasures against hacking, etc.
  - The Company is doing its best to prevent the leakage or damage of personal information of information subjects by hacking or computer viruses.
  - Data is frequently backed up in preparation for damage to personal information, and the latest vaccine programs are used to prevent leakage or damage of personal information or data of information subjects. In addition, an intrusion prevention system is used to control unauthorized access from the outside, and the Company is doing its best for security by equipping all possible technical devices to secure security by the operation of the system.
3. 3.Minimization of handling staff and their education
  - The access permission is granted only to the staff of the Company in charge of personal information handling, and a separate password for this purpose is given and updated regularly. The Company also always emphasizes compliance with the personal information processing policy through frequent training for the person in charge.
4. 4.The operation of an organization dedicated for private information protection
  The Company checks the implementation of the personal information processing policy and compliance with the policy by the person in charge through the establishment of an in-house personal information protection organization, etc. When problems are discovered, the Company is working hard to correct and rectify them immediately. However, the Company is not responsible for any problems arising from the leakage of personal information due to negligence of the information subject or problems on the Internet.

Article 9 Personal Information Protection Officer

1.The Company designates a person in charge of personal information, who is responsible for overall handling of personal information, as follows to handle complaints and damage relief for members related to personal information processing.

Category	Personal information protection officer	Personal information protection manager
Name	Ho-Yeol Lee, Group Leader	Manager in charge of Centero operation
Affiliation	SK Inc. Platform BM Group	02-6400-1680
Phone	SK Inc. Platform BM Group	02-6400-4581
e-mail	centero_info@sk.com	centero_info@sk.com

2.The information subject can inquire about all personal information protection related inquiries, complaint handling, damage relief, and personal information inquiry requests that occurred while using the Company's services (or business) to the person in charge of personal information protection and the department in charge. The Company will respond and handle the inquiries of the information subject without delay.

Article 10 Request for viewing personal information
The information subject may file a request for access to personal information in accordance with Article 35 of the Personal Information Protection Act to the following departments. The Company will make every effort to promptly process the personal information access request of the information subject.
- Reception/processing department of personal information access request: The department in charge of Personal Information Protection under the article 8.
Article 11 Remedies for Infringement of Rights
1. 1.The information subject may inquire about damage relief and consultation for personal information infringement to the following organizations.
  The following organizations are separate organizations from the Company. If you are not satisfied with the Company's own personal information complaint handling and damage relief results, or if you need more detailed help, please contact them.
  - Reception/processing department of personal information access request: The department in charge of Personal Information Protection under the article 8.
2. 2.Personal Information Infringement Report Center (operated by Korea Internet & Security Agency)
  - Related Task: Reporting personal information infringement, applying for consultation
  - Homepage: privacy.kisa.or.kr
  - Telephone: (without area code) 118
  - Address: (58324) 3rd floor, 9, Jinhong-gil, Naju-si, Jeollanam-do (301-2, Bitgaram-dong)
3. 3.Personal Information Dispute Mediation Committee
  - Related Task: Application for personal information dispute mediation, collective dispute mediation (civil settlement)
  - Homepage: www.kopico.go.kr
  - Tel: (without area code) 1833-6972
  - Address: (03171) 12th Fl of Government Complex Seoul, 209, Sejong-daero, Jongno-gu, Seoul, Republic of Korea
4. 4.Cybercrime Investigation Division of Supreme Prosecutor's Office
  - Homepage: www.spo.go.kr
  - Phone 02-3480-3573
5. 5.Korean National Police Agency Cyber Bureau
  - Homepage: cyberbureau.police.go.kr
  - Tel: (without area code) 182
Article 12 GDPR
The Company shall comply with the General Data Protection Regulation of the European Union and the laws of each Member State, and when providing services to users in the European Union, the following may apply.
1. 1.Purpose and basis of processing of personal information
  The Company uses the collected personal information only for the purposes stated in the "Purpose of Use of Personal Information", and informs users of the fact in advance and seeks consent. And in accordance with applicable laws such as GDPR, the Company may process users' personal information in one of the following cases.
  - In the case that the data subject consents
  - For the conclusion and execution of a contract with the data subject
  - For compliance with legal obligations
  - In the case that processing is necessary for the material interests of the data subject
  - For the pursuit of the legitimate interests of the Company (except when the interests, rights or freedoms of the data subject are more important than the interests of the Company)
2. 2.The Company carefully protects the personal information of the information subject. In accordance with applicable laws such as GDPR, information subjects may request to transfer their personal information to another controller and may refuse to process their own information. And an information subject has the right to file a complaint to the personal information protection authority.
  
  In addition, the Company may use personal information to provide marketing such as events and advertisements, and seeks the consent of the information subject in advance. Information subjects can withdraw their consents at any time, if they do not wish.
  
  Requests related to the above matters will be dealt with without delay if you contact us in writing, by phone or e-mail through the customer center. If you request correction of errors in personal information, the personal information will not be used or provided until the correction is completed.
Supplementary Provisions

This Privacy Policy is effective from 01/01/2023.