YEST Corporation ('https://www.yest.co.kr', hereinafter called 'YEST') has the following personal information processing policy for protection
of user’s personal information and rights and interests and for smooth handling of users’ grievance related to personal information according
to Personal Information Protection Act. 'YEST' will make an announcement through individual popup (or individual notice) in the homepage
if personal information processing policy is changed.
○ The policy will come into effect on the 1st of January in 2024.
'YEST' is to process personal information for the following purposes, and it is not used for any purpose other than the following purposes. If purposes of use are changed,
we will seek prior consent.
A. Preservation of record of entering and leaving the company, registration of member companies, management of customer purchase sales registration, tax report and
exchange of administrative affairs with administrator, various notice · announcement, grievance handling, dispute conciliation.
B. Preservation of management record of access and absenteeism and tardiness record.
C. Safety and fire prevention of personal video information facilities and others.
Personal information file name: personal information
- Personal information items
- Collection method: written form (company application), homepage (Voice of customer, Application for a visit), phone / fax
- Retention basis: document or DB
- Retention period: 3 years
- Related Law: Records of customer complaint or settlement of disputes: 3 years, Records of collection/processing and use of credit information: 3 years, Records of cost
settlement and supply of goods, etc.: 5 years, Records of agreement or subscription withdrawal: 5 years, Records of marking/advertising: 6 months
① 'YEST' is entrusting the following personal information processing work for smooth processing and handling of personal information business.
② When signing the entrustment contract, responsibilities such as prohibition to process personal information other than the entrusted work, technical and administrative
protection measure, restriction on re-entrustment, management and supervision of the entrustment company and compensation for damages will be specified in
documents such as the contract pursuant to the 25th article of the Personal Information Protection Act, and whether or not the entrustment company is safely processing
personal information is being supervised.
③ When the content of the entrusted work or the entrustment company changes, such change will be disclosed in Personal Information Processing Policy without delay.
① Information subject can exercise personal information protection related right of item described below at any time to 'YEST'.
1. Request for access to personal information
2. Request for correction of error
3. Request for deletion
4. Request for stopping of handling
② Right exercise in accordance with Section one can be via by letter, e-mail, FAX and 'YEST' will take measures without delay in accordance with the appended form No 8 in
enforcement regulations of Personal Information Protection Act.
③ In case of request for correction or deletion error of personal information by information subject, 'YEST' shall not use or provide the relevant personal information until
correction or deletion is completed.
④ Exercise right in accordance with Section one through legal representative of information subject or commissioned representative. In this case, power of attorney shall be
submitted in accordance with appended form No 11 of Enforcement Rules of Personal Information Protection Act.
① 'YEST' handles the following personal information items.
- Prerequisite items: purposes of personal information processing, personal information file status, processing and period of possession of personal information, provision
details
of personal information to the 3rd party parties, entrustment of personal information processing, Rights · duties of information subject and the exercise method,
processing personal information item, destruction of personal information, Privacy officer, change of personal information processing policy, measures to secure safety of
personal information
- Optional item: department for receiving · handling request for inspection of personal information
- Destruction procedure
Information entered by users will be move to separate DB (In case of paper, separate document)
after accomplishing the purposes and will be destroyed immediately
destroyed after storing for certain period in accordance with the internal policy and other related law.
At this point, personal information moved to DB shall not be used
for any other purposes than the prescribed ones, provided that exception may exist in the relevant law.
- Expiration date for destruction
The relevant personal information shall be immediately destroyed in case when the retention of personal information becomes unnecessary,
including when the retention
period expires or when the original purpose of collecting and retaining the information is accomplished within 5 days of end date of period of possession
- Destruction method
Information in form of electronic file shall be destroyed with special technology to permanently erase the contents. In case of personal information printed on paper,
shall be destroyed using paper shredder or incineration using a shredder.
1. Minimization of personal information processing employee and education. An employee to handle personal information shall be designated and personal information will
be managed only by the person in charge after minimizing personal information.
2. Conduction of regular internal inspection. Regular (Monthly) internal inspection will be conducted to secure stability related to handling of personal information.
3. Establishment and implementation of internal management plan. We establish and implement internal management plan for safe handling of personal information.
4. personal information of encryption user shall be stored and managed after password encryption. Therefore, separate security function such as encryption or file locking
shall be used for file and transmission data of information that only one can know and important data.
5. technological measures against hacking. 'YEST' will set up security program to prevent personal information leakage and damage due to hacking or computer virus and
regular renewal · inspection and installation of system in restricted area and technological/physical monitoring and blocking.
6. access limitation to personal information. We take measures for personal information access control by providing, changing and cancelling access right to database
system for processing of personal information and control unauthorized external access using intrusion blocking system.
7. Storage of access record and prevention of forgery. Access record shall be kept at least for 1 year in the personal information processing system. To prevent forgery, theft
and loss, security function for management and access record shall be used.
8. Use locking device for document security. Document, secondary storage media that contain personal information shall be store in safe place with locking device.
9. Access control to unauthorized person. 'YEST' shall separately establish Physical Storage Location that stores personal information and set up and manage access control
procedure.
① 'YEST' is in charge of personal information processing work. 'YEST' shall designate privacy officer described below for complaint handling and damage relief of information
subject related to personal information processing.
▶ Privacy officer
Department: Management Support Team, person in charge: Yoo, Jeong-yong, position: manager, contact point: 031-612-3392, e-mail: jyyoo@yest.co.kr
▶ Department in charge of personal information protection
Department: Management Support Team, person in charge: Hong, Geun-hwa, position: deputy department head, contact point: 031-612-3326, e-mail: ghhong@yest.co.kr
② Should information subject has any personal information protection related inquiry, complaint handling, damage relief occurred while using 'YEST' service (or business),
please contact privacy officer and department in charge. 'YEST' will answer and handle the inquiry of information subject without delay.
① Information subject will request for inspection of personal information in accordance with article of 35 in Personal Information Protection Act to the following
department. 'YEST' will make effort for quick handling of the request for inspection of personal information of information subject.
▶ Department for receiving and handling of personal information inspection request: Management Support Team person in charge: Hong, Gun-hwa, deputy department
head, contact point: 031-612-3326, ghhong@yest.co.kr
② Besides inspection request receipt handling department in Section one, information subject can request for inspection of personal information on ‘personal information
protection general support portal (www.privacy.go.kr)’ of personal information protection committee.
▶ Personal information protection general support portal of personal information protection committee → personal information complaint → request for personal
information access (I-PIN is needed for identification.)
The following organizations are separate organizations from 'YEST'. If you not satisfied with the result of YEST Corporation (‘http://www.yest.co.kr', hereinafter called 'YEST')’s
own personal information complaint handling, damage relief or need more detailed help, please make an inquiry.
▶ Personal information infringement report center: (Without Area Code) 118 (privacy.kisa.or.kr)
▶ Personal information dispute mediation committee: 1833- 6972 (www.kopico.go.kr)
▶ Cyber Crime Investigation Division of the Supreme Prosecutors’ Office: (Without Area Code) 1301 (www.spo.go.kr)
▶ National Police Agency Cyber Security Bureau: (Without Area Code) 182 (ecrm.cyber.go.kr/minwon/main)
This personal information processing policy will be applied from the effective date. In case of addition, deletion or correction of change details in accordance with law and
policy, notice will be announced in individual popup from seven days before implementation of change.