Nurilab Co., Ltd. (hereinafter referred to as the “Company”) establishes and discloses the following personal information processing policy in order to protect users’ personal information and rights and interests in accordance with the Personal Information Protection Act and to handle users’ grievances related thereto.
The company collects and uses personal information for the following purposes. The collected personal information will not be used for any purpose other than the following, and prior consent will be sought when the purpose of use is changed.
- Identification, personal identification, prevention of illegal use by bad members and prevention of unauthorized use according to membership service use
- Complaint handling, complaint handling, member counseling, notice delivery, member withdrawal confirmation
- Various contents provided for paid/free members
- Development of new services, delivery of information such as specialization, provision of services according to demographic characteristics, and publication of advertisements
- Statistics on access frequency or member's service use
- Delivery of promotional information such as related service information, marketing and information content guidance (seminars, newsletters, DMs, etc.)
The company continuously retains users' personal information and uses them to provide services as long as the users use the services provided by the company as members. In addition, in principle, the collected personal information will be destroyed without delay when the purpose of collecting or receiving personal information is achieved as follows. However, in the following cases, personal information is retained for the specified period as an exceptional reason for retention.
- The company keeps the user's member ID (e-mail address) for one year in order to prevent the user or related parties from illegally using the service provided by the company through double registration, etc.
- Records on contract or subscription withdrawal, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
- Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
- Records on consumer complaints or dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
- Records on label advertisement: 6 months (Act on Consumer Protection in Electronic Commerce, etc.)
- Information included in commercial books and important business documents: 10 years (Commercial Law)
- Information related to transaction details and supporting documents: 5 years (National Tax Framework Act, Corporate Tax Act)
- In other cases where the user's consent has been obtained individually: the period for which consent is obtained
In accordance with the Information and Communications Network Act, if there is no access for more than 12 months or no service use, the account is converted to a dormant account and personal information is stored separately. In this case, if you do not log in for 30 days after the cancellation notice mailing is sent, it will be deleted. If you log in, the transition from the dormant state to the normal state is made.
In order for members to conveniently use the company or services affiliated with the company, member information may be provided to companies affiliated with the company. However, before providing member information, the company must notify the affiliates, the purpose of provision, and the contents of the member information to be provided in advance and obtain the member's consent. However, in the following cases, it is possible to provide personal information without your consent in accordance with relevant laws and regulations.
Users can exercise the following rights as a subject of personal information.
- If there is a request to view personal information or an error, request correction, deletion, or suspension of processing
The company collects personal information in accordance with the following principles for the “purpose of collection and use of personal information” as in No. 1 above.
- When the company collects users' personal information and changes the contents of the above collection items, the company notifies the user in advance and asks for consent.
In principle, after the purpose of collecting and processing personal information is achieved, the company destroys the information without delay. The procedures, deadlines and methods of destruction are as follows.
The information entered by the user will be stored for a certain period of time or immediately destroyed in accordance with the internal policy and other relevant laws after the purpose is achieved. At this time, the personal information for destruction will not be used for any other purpose unless it is required by law.
If the retention period of the personal information has elapsed, the user's personal information shall be stored within 5 days from the end of the retention period, when the personal information becomes unnecessary, such as the achievement of the purpose of processing personal information, the abolition of the service, or the termination of the business. The personal information will be destroyed within 5 days from the date the processing is deemed unnecessary.
Information in the form of electronic files uses a technical method that cannot reproduce records.
The company checks the implementation of the personal information processing policy and compliance with the person in charge, and designates the relevant department and personal information protection manager as follows to request access to users' personal information, handle complaints, and remedy damages.
- Phone number : +82 2-2671-3344
- E-mail : email@example.com
- Name : OOO
- Phone number : 02-2671-3344
- E-mail : firstname.lastname@example.org
Users can request all inquiries related to personal information protection, complaint handling, damage relief, etc., and requests for access to personal information that occurred while using the company's services to the department in charge and the person in charge of personal information protection. The company will respond and process users' inquiries and requests without delay.
In accordance with Article 29 of the Personal Information Protection Act, the company is taking the following technical, managerial and physical measures necessary to secure safety.
The company considers members' personal information the most important, and never sells or rents members' personal information. In addition, personal information is thoroughly managed through access rights, passwords, and encryption.
The company manages the server through the IDC security service, installs a security program, and performs periodic updates and inspections.
A separate physical storage place for personal information is established and access control procedures are established and operated.
The company operates 'cookies' and 'sessions' to store and find users' information from time to time to support faster and more convenient website use and to provide customized services.
Among them, 'cookies' are small text files sent to the user's browser by the server used to operate the website, and are stored on the user's computer. It refers to storing information on the server.
The company operates 'cookies' and 'sessions' for the following purposes, and users have the option to install 'cookies'.
Through “cookies” and “sessions,” the user’s preferred settings are saved to support a faster web environment for users, and are used to improve services for convenient use.
By setting options in the web browser, users can accept all cookies, check each time a cookie is saved, or refuse to save all cookies. However, if you refuse to install cookies, web use becomes inconvenient and there may be difficulties in using some services that require login.
[ How to set ]
- For Internet Explorer: Tools menu at the top of your web browser > Internet Options > Privacy > Settings
- For Chrome: Settings menu on the right side of the web browser > Show advanced settings at the bottom of the screen > Content settings button for personal information > Cookies
Users do not have the option of setting up a session, and when login is required among the services provided by the company, including consigned work, a session is automatically created on the company's server and used in common.
If your personal information is infringed and you need to report or consult about it, you can contact the following organizations for help.
- Personal Information Infringement Report Center (Korea Internet & Security Agency, privacy.kisa.or.kr / 118 without area code)
: Responsibilities: Report personal information infringement, apply for counseling
- Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
: Responsibilities: Personal information dispute mediation application, collective dispute mediation (civil settlement)
- Cyber Crime Investigation Team, Supreme Prosecutors' Office (www.spo.go.kr / +82 02-3480-3573)
- National Police Agency Cyber Security Bureau (cyberbureau.police.go.kr / 182 without area code)
This personal information processing policy was enacted on June 2, 2019, and if there is any addition, deletion, or modification of the contents according to the change of government policy or security technology, it will be notified through the website notice (or individual notice) is. This policy is effective from June 02, 2019.