Spiceware. Co., Ltd., (Hereinafter referred to as "Company"), which operates ‘The Product of DB Encryption Solution’, has following processing policies in order to protect the personal information and rights of users, and handle user’s complaint smoothly in accordance with relevant laws such as “ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC.” (Hereinafter referred to as "Act on Information and Communications Network"), “PERSONAL INFORMATION PROTECTION ACT”, “GENERAL DATA PROTECTION REGULATION, etc.
This policy will be effective from Dec. 13th, 2019.
1. Purpose of collecting personal information, retention and use period of personal information
The company may process personal information of users when following cases apply.
Where the company obtains the consent from the information subject
Where the company concludes and fulfills a contract with the information subject
Where the company is to comply with legal obligations
Where the company needs processing for the important interests of the information subject
Where the company pursues legitimate interests
(Except where the interests, rights or freedoms of the information subject are more important than those)
The company processes personal information for the following purposes with the prior consent of users.
|Signing up and managing the service||Signing up by e-mail||Company name, Department name, Title, E-mail address (ID), Contact information,, Password||Until membership withdrawal|
|Authorization of signup||E-mail address (ID)|
|Finding password||E-mail address (ID)|
|Using the service||Providing the service||Company name, Department name, Title, Name, E-mail address(ID), Contact information,, Usage history|
|Credit payment||Name, Credit card number, Credit card company, Information of the purchased product,|
|Handling user complaints||Name, E-mail address, Content of inquiry|
|Analyzing and marketing based on the automatically generated information||Date and time of visit,, Record of service use, Information of accessIP, Cookies||For 1 year|
|Utilizing marketingand advertising||Sending advertising information with event and product information||E-mail address, Contact information,, Name, Company name, Department name,, Title||Until consent withdrawal or membership withdrawal|
If the purpose and items of the member information which processed by the company are changed, the company will ask for prior consent of the member in accordance with the relevant laws and regulations.
The company prohibits to process resident registration number in principle; however, the company processes only if it is specifically requested by the law, Presidential decree, National Assembly Regulations, Supreme Court Regulations, Constitutional Court Regulations, Central Election Management Commission Regulations, and the Board of Audit and Inspection Regulations.
The company does not collect personal information of children under 14 years old.
The company collects user’s personal information using following methods.
The way that the user inputs personal information directly on the website and application which the company operates
The way that the information such as use record, access los, etc. is automatically generated and collected in the process of using the service
The collected personal information is retained and used within the period of retention and use in accordance with relevant laws and regulations or the consented period by the information subject when the personal information is collected.
The required period of retention and use of personal information in accordance with relative lawsand regulations is following even if the purpose of collecting personal information consented by the user is achieved.
|Purpose of Retention||Period||Legal Grounds of Retention|
|Information related to transaction history and supporting documents||5 years||Basic Act for National Taxes, Corporate Tax Act|
|Record on sign/advertisement||6 months||The Act on Consumer Protection in Electronic Commerce|
|Record regarding contract or withdrawal of subscription||5 years||The Act on Consumer Protection in Electronic Commerce|
|Record of payment and supply of goods||5 years||The Act on Consumer Protection in Electronic Commerce|
|Record of consumer complaints or disputes||3 years||The Act on Consumer Protection in Electronic Commerce|
|Record-keeping about access||3 months||Protection of Communications Secrets Act|
|Where it is needed to be preserved inaccordance with relevant laws such as the Commercial Law, etc.||10 years||Commercial Law|
2. Consignment of personal information processing
The company consigns following personal information processing task for smooth work process.
|Amazon Web Service||System operation and data storage using cloud service||[email protected]|
|Danal Co.,Ltd.||Credit card payment||031-697-1243|
The company supervises the handling of personal information securely by the consignee in accordance with the relevant laws when signing the agreement of consignment.
If the consignee or content of consignment task is added or changed, the company will ask for prior consent in accordance with the relevant laws and regulations or announce it through this personal information processing policy without any delay.
3. Matters about providing personal information to third parties
The company processes personal information of the information subject only with the range specified in ‘1. Purpose of collecting personal information, retention and use period of personal information’, and the company provides personal information to third parties only in accordancewith Article 17 of the Personal Information Protection Act including the consent of the information subject, special provision of the laws and regulations, etc.
The company cannot provide user’s personal information to third parties without prior consent. However, following cases are exceptions.
Where the information of certain individuals is provided in an unidentifiable form as necessary for statistical writing, academic research or market research
Where there is a request pursuant to the relevant laws and regulations by the national agency
Where there is purpose of a criminal investigation or there is a request by the Korea Internet Safety Commission
Where there is a request pursuant to the procedures set forth in other relevant laws
4. Transfer of personal information to other countries
The company does not provide personal information to other companies outside of the country. However, the company consigns the following personal information processing task to another company outside of the country in order to fulfill the contract of provision of information and communication service and enhance the user convenience, etc.
5. User rights and duties, and how to exercise them
Users and legal representatives may exercise the following rights with respect to their registeredpersonal information.
In addition, users may request to read, correct, stop and delete personal information through written form, e-mail, homepage, etc.
If a user and legal representative requests correction or deletion for an error of the personal information, the company will not use or provide until the completion of correctionor deletion.
Users can withdraw the consent at any time if they do not want to use their personal information for the marketing and event purposes.
Users can request to transfer their personal information and file a complaint with the authority of personal information security.
The request for correction and deletion of personal information cannot be requested if that information is a subject of collection in accordance with other relative laws.
Exercise of user rights(reading, correction, stop the processing, or deletion) can be made through legal representative or delegatee of the user. In this case, a power of attorney in accordance with Form 11 of the Enforcement Rule of the Act on the Protection of Personal Information should be submitted.
When a user requests the reading, correction or deletion, or stop processing of personal information, the company confirms whether the user is himself/herself or a legitimate agent in accordance with the right of the subject of personal information.
Users have the following duties as subjects of personal information.
Users must keep their personal information up-to date, and it is up to the users to take responsibility for any problems caused by inputting incorrect personal information.
Users are responsible for maintaining the security of accounts, etc. and they cannot transfer or lease them to third parties.
If a person applies for the service using other person’s information, the eligibility of the service will be lost and he/she may be the subject of penalties under the relevant laws.
6. Destruction of personal information
The company destroys personal information without any delay if the purpose of processing personal information is fullyaccomplished according to “1. Purpose of collecting personal information, retention and use period of personal information”. The procedure and method of destruction are as follows.
Procedure of destruction
The information inputted by the users will be destroyed immediately after accomplishing the purpose. However, members who have not used the service for a year will be notified them beforehand, and if there are no separate requests from the users, their personal information is stored separately and securely from the information of active users.
Method of destruction
Information in the form of electronic files is destroyed by technical methods so that the record cannot be reproduced.
Personal information printed on the paper is destroyed by the shredder.
7. Matters about installation, operation and rejection of automatic collection tool of personal information.
The following informationis automatically generated / collected in the process of using the service or processing of personal information and may be used for the following purposes.
Automatically generated information: date and time of visit, record of service use, information of access IP, cookies(Cookies are small amounts of information which sent to a user’s computer browser by server used to operate a website, and may also be stored on the user’s device.)
Purpose of use of automatically generated information:
To provide optimized information to users
To offer personalized product advertising and marketing
To analyze user behavior and the service
To comply with the obligation of record under the Act on Information and Communications Network
Collecting method using analysis tools:
Google analytics : The company uses a web log analysis tools which provided by Google, and collects the main behaviors(behavior information) of the service users using cookies. The collected information cannot be used to identify individual users; however, users can refuse to collect cookies by following methods.
Pixel : The company uses a web log analysis tools which provided by Facebook, and collects the main behaviors(behavior information) of the service users using cookies. The collected information cannot be used to identify individual users; however, users can refuse to collect cookies by following methods.
Methods of installation, operation and refusal of cookies : Users can refuse to store cookies by following methods
Internet Explorer : Users can change their cookies settings at the following path “Tools > Internet options > Privacy > Advanced”.
Microsoft Edge : Users can change their cookies settings at the following path “Menu >Settings > Advanced > Privacy & security > Cookies”.
Chrome : Users can change their cookies settings at the following path “Menu > Settings > Advanced > Site settings > Cookies and site data”.
f users refuse to store cookies, there is no problem in using the service; however, customized service is not available.
8. Information about the person in charge of personal information security (CPO and DPO)
The company has designated the person in charge of personal information security as follows in order to take responsibility for overall personal information related business and handle complaints and relieve damage of users related to personal information.
The person in charge of personal information security (CPO and DPO)
Name: Eunjin Park
E-mail: [email protected]
Users may ask for all of inquiries related to personal information security, complaint, damage relief etc. to the person in charge of personal information security while they are using the company’s service. The company will reply and process user inquiries without any delay.
9. Measures to ensure the personal information security
The company, pursuant to Article 29 of PERSONAL INFORMATION PROTECTION ACT, has the following technical, managerial and physical measures to ensure security.
Minimization and training of personal information handling employees
The company minimizes the number of employees who handle personal information, and regularly conduct training program for personal information security in order to manage personal information.
Establishment and enforcement of internal management plans
The company has established and implemented internal management plans for the secure processing of personal information.
Keeping access logs and preventing forgery and falsification
The company keeps and manages logs(web log, summarized information, etc.) accessed to the personal information processing system for at least six months in order to cope with easily when the personal information infringement incident occurs, and uses security features to prevent forgery, falsification, theft or loss of access logs.
Encryption of personal information
User’s personal information has been stored and managed in encrypted form.In addition, the company uses separate security features such as encrypting importantdata during storage and transmission, etc.
Technical measures against hacking
The company installs security programs and updates/inspects them periodically in order to prevent leakage and damage of personal information caused byhacking or computer viruses. And also, the system is installed in an area where access from outside is controlled, and it is technically/physically monitored and blocked.
Restriction of access to personal information
The company takes necessary measures to control access to the personal information by authorization, modification, and cancellation of access to the personal information processing system.
10. Remedies against infringement on rights of the subject of information
If you need more detailed information about the infringement on rights of the subject of information, please contact the following organizations.
Privacy Infringement Report Center (Operated by Korea Internet & Security Agency)
Responsibilities : Reporting the fact of personal information infringement and applying for consultation
Homepage : privacy.kisa.or.kr
Phone : (Without an area code) 118
Address : Privacy Infringement Report Center , 3F, 9 Jinheung-gil, Naju, Jeollanam-do, Republic of Korea, 58324
Personal Information Dispute Mediation Committee
Responsibilities : Applying for mediation of disputes on personal information and mediation of collective disputes(civil resolution)
Homepage : www.kopico.go.kr
Phone : (Without an area code) 1833-6972
Address : 4F, Government Complex-Seoul, 209, Sejong-daero, Jongno-gu, Seoul, Republic of Korea, 03171
Cyber Investigation Division of Supreme Prosecutors’ Office : 02-3480-3573 (www.spo.go.kr)
Cyber Bureau of National Police Agency : 182 (cyberbureau.police.go.kr)
11. Matters about changes of the policy of processing personal information
This personal informationprocessing policy will be applied from the effective date. If there is any addition, deletion or correction in accordance with relative laws, regulations and policies, the company will announceit 7 days prior to the effective date through the homepage.