"Privacy" or "Private Information" shall mean the information concerning an individual, such as his/her name, resident registration number, and other information that could be used to identify such an individual visually (including information that cannot on its own be used to identify an individual, but can in combination with others). The "information entity" shall refer to the individual who can be identified through the information collected and processed, i.e., the person the private information points to. The company discloses its private information and makes it publically available on its website, www.cosmax.com. If the company revises its privacy terms, such revision will be announced via the Cosmax website, or the parties concerned will be individually notified.
02. Purpose of handling private information
The company shall not process private information except for the following purposes:
A. Processing items
- - Service analysis, etc.: Service usage analysis, in order to provide better services to the customers and enhance the quality of the website (service analysis and service level improvement, etc.)
- - Complaints handling: Checking the details on the complaints, contacting, notification for investigation and reporting outcomes.
- - Recruiting assessment/ decision: Identification and verification of the individual's name. Contacting the applicant and proceeding with the recruitment process. Reference for recruitment in accordance with the Patriot Act or the Law on Promotion of Employment of the Handicapped (Veteran's privilege, handicap-related information, etc.)
- - Sustaining/terminating employment: Payment of salary (or taxes), providing fringe benefits, supporting business operations, HR management (including training and education), issuance of certificates, etc.
03. Items of private information to be processed
1. Improving service analysis and service quality: Automatically generated and collected in the course of using the Internet.
- - Service usage record, access log, cookies, and access IP addresses
2. Complaints handling
- - Required: Name, and e-mail address
- - Optional: Address (city, province), Tel. (contact), Country, Company Name
3. Recruiting / Decision
- - General: Name (Korean/ Chinese Characters / Alphabetical), date of birth, gender, photo, password, home telephone number, home address, mobile phone number, email, education, military service (completion, duration of service, force, and rank), language skill, computer skill, licenses, family members, applicable to Veteran’s advantages, experience, social experience, awards, overseas experience, research experience)
- - Sensitive information: disability, disability type/grade
4. Continuing/terminating employment
- - Deployment, experience, rewards, training history, HR management including guarantee insurance, annual salary and bonus, HR assessment, and the information included in item 3 above.
04. Handling and retention of private information
In principle, private information will be disposed of immediately upon the fulfillment of the intended purpose of its collection. However, the following information items will be retained by the company for the designated period of time, with consent of the relevant entity if necessary.
1. Service analysis and improvement of the service quality
- - Retained information: service usage history, access log, cookies, and access IP address
- - Retention period: 3 years
2. Complaints handling
- - Retained information: Name, email address, address (city, province), telephone number (contact info.), country, company
- - Retention period: 1 year
3. Recruiting / Decision
- - Retained items: Name (Korean/ Chinese Characters / Alphabetical), date of birth, gender, photo, home telephone number, home address, mobile phone number, email, education, military service (completion, duration of service, force, and rank), language skills, computer skills, licenses, family members, status regarding Veteran’s benefits, experience, social experience, awards, overseas experience, research experience, disability, disability type, disability grade (sensitive information)
- - Retention period: For those who were not hired by the company, for five years with consent (to register the individuals in the talent data base in the recruitment website for future resource management). For those who are hired, the retention period of item 4 shall apply.
4. Continuing/terminating employment
- - Retained items: Deployment, experience, rewards, training history, HR management including guarantee insurance, annual salary and bonus, HR assessment, and the information included in item 3 above.
- - Retention period: Until the purpose of usage is fulfilled with consent.
05. Disposal of private information
Private information that is stored in electronic files is deleted using technical methods that will prevent its recovery. Private information that is printed on paper will be shredded or incinerated.
06. Obligations and rights of the information entities and how to exercise such rights
All information entities are entitled to demand that the company grant them access to, correct, delete, or cease to process their own private information. However, the company is entitled to refuse or limit such requests under the following circumstances;
- - The company has a legal obligation to refuse such request.
- - There are potential risks of bodily harms or life-threatening risks, or risks of unlawful violation of properties or other merits of people.
In addition, you may not demand deletion of the information if provisions require such information in other laws.
[Method and procedures for exercising your rights]
The information entity who wishes to gain access to, make corrections to, delete, or have the information processing ceased, may submit his/her request in writing either in hard copy, e-mail, or fax to the department in charge of handling private information. (See "09. Complaints services for private information" for the details on the department responsible.) The company shall comply with such a request unless there is a justifiable reason not to. If there is, the company shall advise the information entity of such fact within 5 days, along with information on how to file an objection to the decision. The company is entitled to authenticate the identity of the information entity or his/her representative making the request using identification documents or electronic identify certificates, etc., if an information entity or his/her representative demands access to the private information.
07. Technical/managerial/physical protective measures to safeguard the private information
The company takes measures to protect private information from loss, theft, leakage, modification, or damages as it handles such information.
The company complies with legal requirements in order to ensure the safe transmission and storage of private information.
The company uses anti-virus software to prevent damages caused by computer viruses.
The anti-virus software is updated on a regular basis. In the event of the emergence of unexpected new viruses, the corresponding anti-virus software will be immediately provided to protect the private information from being violated.
In order to safeguard against hacking attacks or other attempts to breach security, the servers are equipped with anti-infiltration systems and vulnerability analysis systems in order to ensure the full security of the information.
The company limits access to private information to employees who must directly deal with the information entities for sales or marketing work, employees responsible for managing private information, employees who are inevitably required to handle private information due to their responsibilities, etc.
Personnel who deal with private information are to receive regular training and externally entrusted education. In addition, they are supervised and monitored to ensure complete compliance with the laws and regulations regarding private information.
In order to ensure the safe storage of private information and the system used to process private information, there are physical means in place, including locking mechanisms.
The computer rooms or the Archive are set as special protection zones, to which access is controlled.
08. Complaints services for private information
The company has designated related departments and the personnel in charge in order to protect and process complaints related to private information.
A. Private Information Handling Department
- - Department: Support Team
- - Tel. : 031-359-0300
- - Fax : 031-359-5559
- - Email : HR@cosmax.com
- - Hours: (Mon - Fri) 09:00 ~ 18:00
B. Private Information Protection Officer
- - Name: Sanghyun Kim
- - Tel. : 031-359-0311
- - Email : email@example.com
If you need to report a violation of your private information or need help, please contact the following organizations:
- - Korea Internet & Security Agency (http://privacy.kisa.or.kr, or call 118)
- - Ministry of Administration and Self-Autonomy (http://www.privacy.go.kr, or call 02-2100-1737)
09. Duty of Announcement