Nurilab Co., Ltd. Privacy Policy

Nurilab Co., Ltd. (hereinafter referred to as the “Company”) establishes and discloses the following personal information processing policy in order to protect users’ personal information and rights and interests in accordance with the Personal Information Protection Act and to handle users’ grievances related thereto.

1. Purpose of collection and use of personal information

The company collects and uses personal information for the following purposes. The collected personal information will not be used for any purpose other than the following, and prior consent will be sought when the purpose of use is changed.

① Member management

  • - Identification, personal identification, prevention of illegal use by bad members and prevention of unauthorized use according to membership service use

  • - Complaint handling, complaint handling, member counseling, notice delivery, member withdrawal confirmation

② Service provision

  • - Various contents provided for paid/free members

③ Marketing and Advertisement Utilization

  • - Development of new services, delivery of information such as specialization, provision of services according to demographic characteristics, and publication of advertisements

  • - Statistics on access frequency or member's service use

  • - Delivery of promotional information such as related service information, marketing and information content guidance (seminars, newsletters, DMs, etc.)

2. Processing and retention period of personal information

The company continuously retains users' personal information and uses them to provide services as long as the users use the services provided by the company as members. In addition, in principle, the collected personal information will be destroyed without delay when the purpose of collecting or receiving personal information is achieved as follows. However, in the following cases, personal information is retained for the specified period as an exceptional reason for retention.

① User consent

  • - The company keeps the user's member ID (e-mail address) for one year in order to prevent the user or related parties from illegally using the service provided by the company through double registration, etc.

② Retention of personal information in accordance with other related laws

  • - Records on contract or subscription withdrawal, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)

  • - Records on payment and supply of goods: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)

  • - Records on consumer complaints or dispute handling: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)

  • - Records on label advertisement: 6 months (Act on Consumer Protection in Electronic Commerce, etc.)

  • - Information included in commercial books and important business documents: 10 years (Commercial Law)

  • - Information related to transaction details and supporting documents: 5 years (National Tax Framework Act, Corporate Tax Act)

  • - In other cases where the user's consent has been obtained individually: the period for which consent is obtained

In accordance with the Information and Communications Network Act, if there is no access for more than 12 months or no service use, the account is converted to a dormant account and personal information is stored separately. In this case, if you do not log in for 30 days after the cancellation notice mailing is sent, it will be deleted. If you log in, the transition from the dormant state to the normal state is made.

3. Non-Purpose Use and Provision and Sharing to Third Parties

In order for members to conveniently use the company or services affiliated with the company, member information may be provided to companies affiliated with the company. However, before providing member information, the company must notify the affiliates, the purpose of provision, and the contents of the member information to be provided in advance and obtain the member's consent. However, in the following cases, it is possible to provide personal information without your consent in accordance with relevant laws and regulations.

① In case it is necessary for the settlement of charges according to the provision of services

② When it is necessary for statistical, academic research, or market research, and when a specific individual is processed and provided in an unrecognizable form

③ When there are special provisions in laws such as the Act on Real Name Financial Transactions and Confidentiality, the Act on the Use and Protection of Credit Information, the Framework Act on Telecommunications, the Telecommunications Business Act, the Local Tax Act, the Consumer Protection Act, the Bank of Korea Act, the Criminal Procedure Act, etc.

4. Rights and obligations of users and how to exercise them

Users can exercise the following rights as a subject of personal information.

① Users can exercise the following privacy-related rights against the company at any time.

  • - If there is a request to view personal information or an error, request correction, deletion, or suspension of processing

② The exercise of the rights under Paragraph 1 may be done in writing or through e-mail (e-mail) in accordance with the Form 8 of the Enforcement Rule of the Personal Information Protection Act to the company, and the company will take action without delay.

③ The exercise of the rights pursuant to Paragraph 1 may be done through the user's legal representative or an agent such as a person who has been delegated. In this case, you must submit a power of attorney in accordance with Form 11 of the Enforcement Regulations of the Personal Information Protection Act.

④ If a user requests correction or deletion of personal information errors, the company does not use or provide the information until the correction or deletion is completed.

5. Personal information collection items and methods

The company collects personal information in accordance with the following principles for the “purpose of collection and use of personal information” as in No. 1 above.

① Collected items: Member ID (e-mail address), password

② Collection method: Information collection through the website (membership registration)

③ User consent

  • - When the company collects users' personal information and changes the contents of the above collection items, the company notifies the user in advance and asks for consent.

6. Procedure and method of destruction of personal information

In principle, after the purpose of collecting and processing personal information is achieved, the company destroys the information without delay. The procedures, deadlines and methods of destruction are as follows.

① Destruction procedure

The information entered by the user will be stored for a certain period of time or immediately destroyed in accordance with the internal policy and other relevant laws after the purpose is achieved. At this time, the personal information for destruction will not be used for any other purpose unless it is required by law.

② Expiration date

If the retention period of the personal information has elapsed, the user's personal information shall be stored within 5 days from the end of the retention period, when the personal information becomes unnecessary, such as the achievement of the purpose of processing personal information, the abolition of the service, or the termination of the business. The personal information will be destroyed within 5 days from the date the processing is deemed unnecessary.

③ Destruction method

Information in the form of electronic files uses a technical method that cannot reproduce records.

7. Designation of personal information protection officer

The company checks the implementation of the personal information processing policy and compliance with the person in charge, and designates the relevant department and personal information protection manager as follows to request access to users' personal information, handle complaints, and remedy damages.

① Customer Management Department: Security Division

  • - Phone number : +82 2-2671-3344

  • - E-mail :

② Person in charge of personal information management

  • - Name : OOO

  • - Phone number : 02-2671-3344

  • - E-mail :

Users can request all inquiries related to personal information protection, complaint handling, damage relief, etc., and requests for access to personal information that occurred while using the company's services to the department in charge and the person in charge of personal information protection. The company will respond and process users' inquiries and requests without delay.

8. Measures to ensure the safety of personal information

In accordance with Article 29 of the Personal Information Protection Act, the company is taking the following technical, managerial and physical measures necessary to secure safety.

① administrative action

The company considers members' personal information the most important, and never sells or rents members' personal information. In addition, personal information is thoroughly managed through access rights, passwords, and encryption.

② Technical/physical measures against hacking, etc.

The company manages the server through the IDC security service, installs a security program, and performs periodic updates and inspections.

③ Access control for unauthorized persons

A separate physical storage place for personal information is established and access control procedures are established and operated.

9. Matters concerning the installation and operation of the automatic personal information collection device and its rejection

The company operates 'cookies' and 'sessions' to store and find users' information from time to time to support faster and more convenient website use and to provide customized services.

Among them, 'cookies' are small text files sent to the user's browser by the server used to operate the website, and are stored on the user's computer. It refers to storing information on the server.

The company operates 'cookies' and 'sessions' for the following purposes, and users have the option to install 'cookies'.

① Purpose of use of “cookies” and “sessions”

Through “cookies” and “sessions,” the user’s preferred settings are saved to support a faster web environment for users, and are used to improve services for convenient use.

② How to reject “cookie” setting

By setting options in the web browser, users can accept all cookies, check each time a cookie is saved, or refuse to save all cookies. However, if you refuse to install cookies, web use becomes inconvenient and there may be difficulties in using some services that require login.

  • [ How to set ]

  • - For Internet Explorer: Tools menu at the top of your web browser > Internet Options > Privacy > Settings

  • - For Chrome: Settings menu on the right side of the web browser > Show advanced settings at the bottom of the screen > Content settings button for personal information > Cookies

③ Installation/operation and rejection of “session”

Users do not have the option of setting up a session, and when login is required among the services provided by the company, including consigned work, a session is automatically created on the company's server and used in common.

10. Complaint service regarding personal information

If your personal information is infringed and you need to report or consult about it, you can contact the following organizations for help.

  • - Personal Information Infringement Report Center (Korea Internet & Security Agency, / 118 without area code)

  • : Responsibilities: Report personal information infringement, apply for counseling

  • - Personal Information Dispute Mediation Committee ( / 1833-6972)

  • : Responsibilities: Personal information dispute mediation application, collective dispute mediation (civil settlement)

  • - Cyber Crime Investigation Team, Supreme Prosecutors' Office ( / +82 02-3480-3573)

  • - National Police Agency Cyber Security Bureau ( / 182 without area code)

11. Duty of notice

This personal information processing policy was enacted on June 2, 2019, and if there is any addition, deletion, or modification of the contents according to the change of government policy or security technology, it will be notified through the website notice (or individual notice) is. This policy is effective from June 02, 2019.