Article 1. GENERAL PROVISIONS
- 1-1. NEXEN TIRE Co., Ltd. (the “Company” and also referred to as its website address of www.nexentire.com) considers the protection of its customers’ information to be the most important task and complies with the regulations on the protection of personal information under the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. and the Guidelines for Protection of Personal Information, enacted by the Ministry of Knowledge Economy (formerly known as the Ministry of Information and Communication). This Policy is to set forth any and all actions that the Company is carrying out to protect the customers’ information for the purposes of collection and use of such information provided by the customers, in compliance with the Guidelines for Protection of Personal Information.
- 1-2. The Company discloses the Guidelines for Protection of Personal Information on its website (www.nexentire.com), which is fully accessible to the customers at any time. In this regard, the Company respectfully requests its customers to give their consent on the Guidelines for Protection of Personal Information when they sign up for the membership of the Company.
- 1-3. The Company complies with the procedures necessary to continuously improve and to amend the Guidelines for Protection of Personal Information. In case of amendment to the Guidelines for Protection of Personal Information, the Company discloses such amendment to its customers for their easy access.
Article 2. Scope of Collection of Personal Information
- 2-1. "Personal Information" refers to the information pertaining to a live individual, and such information identifies a specific person with a name, a national identification number, or similar in a form of code, letter, voice, sound, image, or any other form (including information that does not, by itself, make it possible to identify a specific person but that enables to identify such person easily if combined with another information).
- 2-2. The Company collects only the Personal Information that are listed in Article 2-3 of the Guidelines for Protection of Personal Information, which are the minimal information necessary for the provision of services by the Company in compliance with the fair and legitimate methods. Also, although there might be some customers who decline to provide their respective information as set forth in the following list, the Company does not prevent such customers from using the basic services.
- 2-3. List of personal information to be collected at the time of signing up for membership:
- - Required information: Desired ID, password, name, gender, date of birth, nationality, country, email address and consent to receiving email message; and
- - Optional information: Telephone number, postal code, state, city/town, street address, name and model of automobile, recent date of tire change, currently used tires, and name of tire
- 2-4. The Company will not collect certain types of Personal Information (race and ethnicity, philosophy and ideology, place of birth and permanent domicile, political preference and criminal record, medical history, health and sex life, etc.) that may significantly harm the client’s basic human rights unless having obtained the client’s consent in cases where the collectable Personal Information are expressly stipulated under the relevant laws or such Personal Information is directly related to the provision of services.
Article 3. Consent to the Collection of Personal Information
Article 4. Purpose of Collection and Use of Personal Information
- 4-1. The Company collects the Personal Information of its clients for the following purposes:
- - Name, Email: To identify whether the user is an adult for the purpose of using the services and to confirm whether the user is an offline member.
- - Name, Phone No., Email: To send information on the new services or products or event, notice, request for the user’s comment and compliance, etc.
- - To obtain a smoother communication channel, etc.
- - Address: For demographic analysis (Statistical analysis of age, gender, location of customers who are using the services)
- - Other selected information: Provision of services to individual members and provision of special services (tire consulting, reader’s club, etc.)
Article 5: Collection of Personal Information through Cookie
5-1. The Company stores all the Personal Information and uses the Cookie system to locate the Personal Information from time to time. Cookie is a small volume of information to be transmitted from a relevant website to the web browsers (such as Netscape, Explorer, etc.). When a customer accesses the website, a computer reads the message of Cookie that is located in the web browser of such customer, which then locates the additional information of such customer from the customer’s computer, and it provides the necessary service to such customer without entering the name, etc. of such customer while accessing the website. Cookie only recognizes the customer’s computer but not the individual customer in person. Also, such customer has the option for using the Cookie system. The customer may (i) allow the operation of any and all Cookies, (ii) require his/her confirmation whenever a Cookie saves the data or (iii) refuse to save any data in Cookie, upon adjusting the internet web browser option ([Tools]→ [Internet Options]→ [Security]→ [Users]).
Article 6. Use of Personal Information beyond the Scope and Provision thereof to a Third Party
- 6-2. The Company may delegate to a third party its management services for the Personal Information of its customers for the purpose of smooth operation of the business. In this case, the Company notifies the customers in advance about the name of the entrusted company, the scope of Personal Information that such company will be entrusted, purpose of the entrusted business, procedure of the entrusted business, terms of the entrusted business, via email, phone, in writing or through the website. More details on the aforementioned are available in Article 12 of the Personal Information Protection Guidelines.
- 6-3 In cases where the Company assigns its rights and obligations due to business transfer or merger, the Company must notify the customers in advance about the reason for such assignment, information on the assignee and procedure for assignment upon posting such information on the front page of its website for at least thirty days and at the same time specifically notifying such information in writing, via email or by other means for more than once. The Company will grant the customers a right to agree or withdraw from certain matters relating to Personal Information. However, if, in connection with the notification in writing or via email, the Company is unable to find the contact information of the customers without any fault on the part of the Company, or there is a valid reason why the Company was unable to notify the customers of such information due to occurrence of the acts of God, the Company may publicly notify about such information through two or more major newspapers or magazines at least once.
- 6-4. In the occurrence of any of the following events notwithstanding Articles 6-1 through 6-3, such event shall be considered as an exception to such Articles:
- - if the user agrees in advance to disclose the Personal Information;
- - if the Personal Information is necessary for the purpose of calculating the ‘mileage’ points owing to the provision of services;
- - if the Personal Information is necessary for the purpose of statistical study, academic research or market study, and such Personal Information will be revised so as not to disclose the identity of a certain individual;
- - if the Personal Information will be provided to a third party (including research institution, survey/research company, partner, etc.); and
- - if the Personal Information is required under the Act on Real Name Financial Transactions and Guarantee of Secrecy, the Use of Protection of Credit Information Act, the Framework Act on Telecommunications, the Local Tax Act, the Framework Act on Consumers, the Bank of Korea Act, and the Criminal Procedure Act.
- 6-5. In order to provide better services to its customers, the Company may provide or share the Personal Information to its partner. In such case, however, the relevant customer will be personally asked in advance, via e-mail, to agree to the provision or sharing of Personal Information after being notified about important details, such as the name of partner, list of Personal Information that will be provided or shared with the partner, reason for provision or sharing of his/her Personal Information with the partner. As such, if our client refuses to agree thereto, the Company will not provide or share any Personal Information with its partner.
Article 7. Accessibility and Change of Personal Information
- 7-1. The Company will allow its customers to access or change their respective Personal Information online at any time, through personal office visit, in writing, phone call, email, or by other means. In the event that the customer requests for access or change of his/her respective Personal Information, the Company will promptly carry out and treat such request without any verification of customer’s identification. However, if there is any valid reason to deny such access or change, the Company will promptly notify the customers of such reason.
- 7-2. If the customer requests the Company for correction of any errors on his/her Personal Information, the Company will not provide or use such Personal Information until the error is fully corrected.
Article 8. Collection, Use, and Withdrawal upon Consent to the Matters of Personal Information
- 8-1. The customers may, at any time, withdraw the matters to which the customers have consented (including collection, use and provision of Personal Information).
- In case that you wish to withdraw your consent (or membership), you may contact the customer service at 1577-2781, or send an email to the person in charge for the Personal Information or webmaster, and they will carry out the necessary actions to promptly destroy your Personal Information upon verification of your identification and notify you of such actions.
- Moreover, if you wish to withdraw from membership, you may log on to the website and click "Withdrawal of Membership" from "Change of Information" and type in your responses to the inquiries as provided from the website and click "Withdraw My Membership", and thereafter you may withdraw from the membership after your identification is verified based on the responses that you typed in.
- However, if it is provided differently in Article 9 of the Personal Information Protection Guidelines, such Article shall prevail.
- 8-2. The Company will carry out the necessary actions to withdraw the consent to the collection of Personal Information in a simpler manner as compared to the procedure of collecting the Personal Information.
Article 9. Period for Preservation and Use of Personal Information
- 9-1. Any of the customers’ Personal Information will be destroyed in case of withdrawal from membership, expulsion as a member or any of the following (where the purposes of collection or provision of Personal Information have been fulfilled);
- provided, however, in cases where the Company is required under the Commercial Code or the applicable laws to keep the Personal Information for the purposes of verification of the rights and obligations relating to the following, the Company shall keep such Personal Information for a certain period of time as set forth under the applicable laws:
- Any record of cancellation of an agreement or withdrawal of request: 5 years
- Any record of payment of price and supply of goods: 5 years
- Any record of customer complaint or settlement of dispute: 3 years
- 9-2. The customers are entitled to request the Company for access to any and all information on transaction, which are currently held by the Company with the consent of the customers. In such case, the Company promptly carries out the necessary action for the customers to access such information.
Article 10. Technical and Managerial Measures regarding Personal Information
- 10-1. The Company carries out the following technical protection measures to secure and protect the customers’ Personal Information from any loss, theft, leak, forgery or damage:
- - All Personal Information of the customers are being secured and protected by ID and passwords, and any and all files and data transmissions are fully encrypted;
- - Any and all material data are being secured upon using the lock system and other secured measures;
- - The Company uses computer anti-virus programs to prevent any damages caused by computer virus;
- - Computer anti-virus programs are regularly updated, and in case of sudden appearance of computer virus, the Company protects the Personal Information from being damaged by promptly resolving the threat of such computer virus;
- - Through the use of encryption algorithm, the Company ensures the safe transmission of any Personal Information available through the network, and the Company creates a firewall to prevent any invasion resulting from hacking the system.
- - Also, the Company exerts its utmost efforts to provide the best security system by using the anti-invasion system and weak spot analysis system for each server.
- 10-2. The Company carries out the following managerial protection measures to secure and protect the customers’ Personal Information, which shall allow limited access by the following specific employees of the Company:
- - a person who carries out his/her marketing service address directly to users;
- - a person who carries out his/her protection service for the Personal Information (such as person in charge and manager of Personal Information); and
- - a person who must deal with the Personal Information for the purpose of carrying out his/her relevant business.
- - The Company provides its employees who are dealing with Personal Information with regular in-house training and other education regarding the acquisition of security and protection technique as well as the obligation to protect the Personal Information.
- - In case of assignment of the relevant services of a person who is dealing with Personal Information, such assignment shall be thoroughly conducted as being fully secured. After commencement and completion of the service, the employees of the Company may be held liable for any incident that occurred in relation to the handling of Personal Information.
- - The Company does not store the Personal Information with any other general data and keeps such Personal Information separately from general data through the use of separate servers.
- - The computer rooms and data storage rooms are designated as special protection rooms, and there is limited access to such rooms.
- - If the Personal Information is lost, leaked, forged or damaged due to the mishandling of the Company’s employee or any technological mismanagement, the Company will promptly notify of such event to the customers and carry out all the reasonable measures and remedy such damages incurred by the customer.
Article 11. URL
- 11-1. The Company may provide the customers with website of other companies or the URL to other informational sources.
- In such case, as the Company is not capable of controlling any external website and information, the Company may not be held liable and may not guarantee the usefulness of services or information provided through such website or URL.
If the customers move to other websites by clicking the relevant URL which is provided by the Company, then the Company advises the customers to review the personal information protection guidelines provided in such website as the Personal Information Protection Guidelines of the Company would not apply to such website and URL.
Article 12. Delegation of Works relating to Personal Information
- 12-1. The Company may delegate to other service provider the works related to the customers’ Personal Information for the purpose of provision of better services to its customers, and in such case, the Company will notify the customers about the details of such delegation, such as name of other service provider, relationship with the service provider and scope of service, through a pop-up banner on the company website.
- 12-1. In case of delegation of management of the Personal Information to other service provider, the Company will enter into a certain delegation agreement with such service provider to set forth the terms and conditions, including compliance with the Personal Information protection guidelines, confidentiality, terms of service, return of all the Personal Information after termination/expiration of the agreement and events of default, and the Company will cause such service provider to comply with the applicable terms and conditions. Such agreement will be kept in written or electronic form.
Article 13. Rights and Obligations of Users
- 13-1. Protection of the ID or password of the customers is a crucial matter for the purpose of Personal Information protection, and the obligations to protect and maintain the ID and password are mainly the responsibility of the relevant customers. That is, the customers must be cautious while using the online service. The customers must make sure to keep their password from being disclosed in public while using online service and it is absolutely essential to log out from the computer after using the service.
- 13-2. The Company shall exert its best efforts to protect the Personal Information as set forth in the Personal Information Protection Guidelines; provided, however, that the Company shall not be responsible for any event that occurred due to risk factors of using the internet.
- 13-3. The customers have obligations to protect their respective rights concerning the Personal Information and not to invade the privacy of other users. If a customer fails to perform such obligations and harms other user’s personal information, such customer may be subject to a criminal liability under the Act on Promotion of Information and Communications Network Utilization and Information Protection
Article 14. Customer’s Comments and Customer Services
- 14-1. The Company shall create a window where the customers may give their comments and complaints regarding Personal Information.
- If a customer, who has a comment or complaint regarding Personal Information, provides the comments to the Company’s person in charge or manager for the Personal Information, the Company will promptly take care of such comment and let such customer know the result of the comment/complaint. Also, the customers may report any complaints concerning the company’s services to any available personal information protection centers (www.cyberprivacy.or.kr, www.e-privacy.or.kr, www.1336.or.kr, Tel: 02-1336) which are established and currently being operated by the government.
Article 15. Advertising Information
- 15-1. The Company will not send any for-profit advertising information to the customers who have declined to receive such information.
- 15-2. The Company will not send any advertising information that may be harmful to any person under the age of 19.
Article 16. Person in Charge and Manager for Personal Information
- 16-1. The Company selects the following persons as the person in charge and manager for the Personal Information in connection to the customer’s comments and complaints regarding the relevant Personal Information.
- Person in Charge of Personal Information
- Name: Jeong Wonhong
- Division/Title: Information Security Team/ CISO
- E-mail: firstname.lastname@example.org
Article 17. Obligations for Notice
- The current Personal Information Protection Guidelines have been enacted as of December 1, 2010. In cases where the terms of the Personal Information Protection Guidelines are added, deleted, and amended as a result of change of the government policy or security or amendment to the Company’s internal policy, the Company may amend the Personal Information Protection Guidelines accordingly and may notify of such amendment on the “Notice” found on the Company’s website at least ten (10) days prior to such amendment.
- - The initial enacted date of Personal Information Protection Guidelines: December 1, 2010
- - The initial effective date of Personal Information Protection Guidelines: December 1, 2010