Personal Information Processing Policy (1st of Jan. 2023)

YEST Corporation ('https://www.yest.co.kr', hereinafter called 'YEST') has the following personal information processing policy for protection of user’s personal information and rights and interests and for smooth handling of users’ grievance related to personal information according to Personal Information Protection Act. 'YEST' will make an announcement through individual popup (or individual notice) in the homepage if personal information processing policy is changed.

○ The policy will come into effect on the 1st of January in 2023.


1. Purpose of processing personal information

  'YEST' is to process personal information for the following purposes, and it is not used for any purpose other than the following purposes. If purposes of use are changed,
 we will seek prior consent.

 A. Preservation of record of entering and leaving the company, registration of member companies, management of customer purchase sales registration, tax report and
  exchange of administrative affairs with administrator, various notice · announcement, grievance handling, dispute conciliation.
 B. Preservation of management record of access and absenteeism and tardiness record.
 C. Safety and fire prevention of personal video information facilities and others.


2. Personal information file status

Personal information file name: personal information
  - Personal information items

   - Collection method: written form (company application), homepage (Voice of customer, Application for a visit), phone / fax
   - Retention basis: document or DB
   - Retention period: 3 years
   - Related Law: Records of customer complaint or settlement of disputes: 3 years, Records of collection/processing and use of credit information: 3 years, Records of cost
   settlement and supply of goods, etc.: 5 years, Records of agreement or subscription withdrawal: 5 years, Records of marking/advertising: 6 months


3. Entrustment of Personal information processing

  ① 'YEST' is entrusting the following personal information processing work for smooth processing and handling of personal information business.
  ② When signing the entrustment contract, responsibilities such as prohibition to process personal information other than the entrusted work, technical and administrative
  protection measure, restriction on re-entrustment, management and supervision of the entrustment company and compensation for damages will be specified in
  documents such as the contract pursuant to the 25th article of the Personal Information Protection Act, and whether or not the entrustment company is safely processing
  personal information is being supervised.
  ③ When the content of the entrusted work or the entrustment company changes, such change will be disclosed in Personal Information Processing Policy without delay.


4. Right and Duty of information subject and legal representative and exercise method

 ① Information subject can exercise personal information protection related right of item described below at any time to 'YEST'.
  1. Request for access to personal information
  2. Request for correction of error
  3. Request for deletion
  4. Request for stopping of handling
 ② Right exercise in accordance with Section one can be via by letter, e-mail, FAX and 'YEST' will take measures without delay in accordance with the appended form No 8 in
  enforcement regulations of Personal Information Protection Act.
 ③ In case of request for correction or deletion error of personal information by information subject, 'YEST' shall not use or provide the relevant personal information until
  correction or deletion is completed.
 ④ Exercise right in accordance with Section one through legal representative of information subject or commissioned representative. In this case, power of attorney shall be
  submitted in accordance with appended form No 11 of Enforcement Rules of Personal Information Protection Act.


5. Processing personal information items

 ① 'YEST' handles the following personal information items.
  - Prerequisite items: purposes of personal information processing, personal information file status, processing and period of possession of personal information, provision
  details of personal information to the 3rd party parties, entrustment of personal information processing, Rights · duties of information subject and the exercise method,
  processing personal information item, destruction of personal information, Privacy officer, change of personal information processing policy, measures to secure safety of
  personal information
 - Optional item: department for receiving · handling request for inspection of personal information


6. Destruction of personal information

 - Destruction procedure
  Information entered by users will be move to separate DB (In case of paper, separate document) after accomplishing the purposes and will be destroyed immediately
  destroyed after storing for certain period in accordance with the internal policy and other related law. At this point, personal information moved to DB shall not be used
  for any other purposes than the prescribed ones, provided that exception may exist in the relevant law.
 - Expiration date for destruction
  The relevant personal information shall be immediately destroyed in case when the retention of personal information becomes unnecessary, including when the retention
  period expires or when the original purpose of collecting and retaining the information is accomplished within 5 days of end date of period of possession
 - Destruction method
   Information in form of electronic file shall be destroyed with special technology to permanently erase the contents. In case of personal information printed on paper,
  shall be destroyed using paper shredder or incineration using a shredder.


7. Security Assurance of Personal Information

  1. Minimization of personal information processing employee and education. An employee to handle personal information shall be designated and personal information will
  be managed only by the person in charge after minimizing personal information.
  2. Conduction of regular internal inspection. Regular (Monthly) internal inspection will be conducted to secure stability related to handling of personal information.
  3. Establishment and implementation of internal management plan. We establish and implement internal management plan for safe handling of personal information.
  4. personal information of encryption user shall be stored and managed after password encryption. Therefore, separate security function such as encryption or file locking
  shall be used for file and transmission data of information that only one can know and important data.
  5. technological measures against hacking. 'YEST' will set up security program to prevent personal information leakage and damage due to hacking or computer virus and
  regular renewal · inspection and installation of system in restricted area and technological/physical monitoring and blocking.
  6. access limitation to personal information. We take measures for personal information access control by providing, changing and cancelling access right to database
  system for processing of personal information and control unauthorized external access using intrusion blocking system.
  7. Storage of access record and prevention of forgery. Access record shall be kept at least for 1 year in the personal information processing system. To prevent forgery, theft
  and loss, security function for management and access record shall be used.
  8. Use locking device for document security. Document, secondary storage media that contain personal information shall be store in safe place with locking device.
  9. Access control to unauthorized person. 'YEST' shall separately establish Physical Storage Location that stores personal information and set up and manage access control
  procedure.


8. Privacy officer

 ① 'YEST' is in charge of personal information processing work. 'YEST' shall designate privacy officer described below for complaint handling and damage relief of information
  subject related to personal information processing.

 ▶ Privacy officer
 Department: Management Support Team, person in charge: Yoo, Jeong-yong, position: manager, contact point: 031-612-3392, e-mail: jyyoo@yest.co.kr
 ▶ Department in charge of personal information protection
 Department: Management Support Team, person in charge: Hong, Geun-hwa, position: deputy department head, contact point: 031-612-3326, e-mail: ghhong@yest.co.kr

 ② Should information subject has any personal information protection related inquiry, complaint handling, damage relief occurred while using 'YEST' service (or business),
  please contact privacy officer and department in charge. 'YEST' will answer and handle the inquiry of information subject without delay.


9. Personal information inspection request

  ① Information subject will request for inspection of personal information in accordance with article of 35 in Personal Information Protection Act to the following
  department. 'YEST' will make effort for quick handling of the request for inspection of personal information of information subject.
  ▶ Department for receiving and handling of personal information inspection request: Management Support Team person in charge: Hong, Gun-hwa, deputy department
  head, contact point: 031-612-3326, ghhong@yest.co.kr

  ② Besides inspection request receipt handling department in Section one, information subject can request for inspection of personal information on ‘personal information
  protection general support portal (www.privacy.go.kr)’ of personal information protection committee.
  ▶ Personal information protection general support portal of personal information protection committee → personal information complaint → request for personal
  information access (I-PIN is needed for identification.)


10. Remedies for the Violation of Right and Interest

 The following organizations are separate organizations from 'YEST'. If you not satisfied with the result of YEST Corporation (‘http://www.yest.co.kr', hereinafter called 'YEST')’s
 own personal information complaint handling, damage relief or need more detailed help, please make an inquiry.

 ▶ Personal information infringement report center: (Without Area Code) 118 (privacy.kisa.or.kr)
 ▶ Personal information dispute mediation committee: 1833- 6972 (www.kopico.go.kr)
 ▶ Cyber Crime Investigation Division of the Supreme Prosecutors’ Office: (Without Area Code) 1301 (www.spo.go.kr)
 ▶ National Police Agency Cyber Security Bureau: (Without Area Code) 182 (ecrm.cyber.go.kr/minwon/main)


11. Change of Personal Information Processing Policy

 This personal information processing policy will be applied from the effective date. In case of addition, deletion or correction of change details in accordance with law and
 policy, notice will be announced in individual popup from seven days before implementation of change.