Cookie Policy
COSMOS (hereinafter referred to as the "Company") establishes and discloses a personal information processing policy as follows in order to protect the personal information of the data subject and to promptly and smoothly deal with related grievances pursuant to Article 30 of the Personal Information Protection Act. · This privacy policy will take effect on July 1, 2022. Article 1 (Purpose of Processing Personal Information) The company processes personal information for the following purposes. The personal information being processed will not be used for any purpose other than the following purposes, and if the purpose of use changes, we will take necessary measures, such as obtaining separate consent pursuant to Article 18 of the Personal Information Protection Act. 1. Membership registration and management on the website Personal information is processed for the purpose of confirming the intention to join the membership. 2. Use to participate in events and guide prizes Personal information is processed for the purpose of participating in events and information on prizes. Article 2 (Period of Processing and Retention of Personal Information) 1.From the date of consent for collection and use of personal information related to It is held and used for the above purpose of use until . Grounds for holding: User's consent Related Acts: Article 15 of the Personal Information Protection Act Reason for Exception: Not applicable 2. From the date of consent regarding the collection and use of personal information related to It is held and used for the above purpose of use until . Grounds for holding: Idyongja-dong, Income Tax Act, etc Related Acts and subordinate statutes: 1) Records on payment and supply of goods, etc.: 5 years 2) Records on withdrawal of contracts or subscriptions: 5 years Reason for Exception: Not applicable Article 3 (items of personal information to be processed) ① The company is processing the following privacy items. 1. Mandatory items: name, email, phone number, service usage history, access log, cookie, access IP information Selections: Birthdays, addresses 2. Mandatory items: name, email, address, phone number cookie Selection: Birthdays Article 4 (Matters concerning entrustment of personal information processing) ① The company entrusts the processing of personal information as follows for smooth processing of personal information. 1. Consignee (trustee): COSMOS, Feelingluck Contents of duties to be entrusted: Identification, handling civil complaints such as handling complaints, delivering notices, providing events and advertising information, and providing opportunities to participate in the event according to the use of membership services Consignment period: 1 year ② In accordance with Article 26 of the Personal Information Protection Act, the company stipulates in documents such as contracts about responsibilities such as prohibition of processing personal information other than the purpose of consignment, technical and management protection measures, restriction of re-consignment, management and supervision of trustees, and compensation for damages, and supervises whether the trustee handles personal information safely. ③ If the details of the consignment work or the trustee changes, we will disclose it through this personal information processing policy without delay. Article 5 (Procedures for Destruction of Personal Information and Method of Destruction) ① When personal information becomes unnecessary, such as the expiration of the retention period of personal information or the achievement of the purpose of processing, the company will destroy the personal information without delay. ② If the retention period of personal information agreed by the data subject has elapsed or the purpose of processing has been achieved, the personal information needs to be preserved according to other laws and regulations, the personal information is transferred to a separate database (DB) or stored differently. ③ The procedures and methods of destroying personal information are as follows. 1. Reversal procedure The company selects personal information for which the reason for destruction has occurred and destroys the personal information with the approval of the company's personal information protection officer. 2. How to destroy Information in the form of electronic files uses a technical method that does not allow the recording to be played Article 6 (Matters concerning the rights and obligations of the data subject and legal representative and the method of exercise thereof) ① The data subject may exercise the right to view, correct, delete, and suspend processing of personal information at any time. ② The exercise of rights under paragraph (1) may be made to the company in writing, e-mail, or copy transmission (FAX) pursuant to Article 41 (1) of the Enforcement Decree of the Personal Information Protection Act, and the company will take action without delay. ③ The exercise of rights under paragraph 1 may be made through an agent, such as a legal representative of the data subject or a person who has been delegated. In this case, you must submit a power of attorney in accordance with the attached Form 11 of the "Notification on how to process personal information (No. 2020-7)." ④ The right of the data subject may be restricted in accordance with Articles 35 (4) and 37 (2) of the Personal Information Protection Act to request the suspension of reading and processing of personal information. ⑤ A request for correction and deletion of personal information cannot be requested for deletion if the personal information is specified as the subject of collection in other laws and regulations. ⑥ The company checks whether the person who made the request for access, correction and deletion, or access when requesting suspension of processing according to the data subject's right is the person or a legitimate agent. Article 7 (Matters concerning measures to ensure the safety of personal information) The company is taking the following steps to ensure the safety of personal information. 1. Conduct regular self-audit In order to secure stability related to personal information handling, self-audit is conducted regularly (once a quarter). 2. Minimize and train personal information handling staff We are implementing measures to manage personal information by designating employees who handle personal information and minimizing them by limiting them to those in charge. 3. Establishment and implementation of an internal management plan An internal management plan is established and implemented for the safe processing of personal information. 4. Technical measures against hacking, etc In order to prevent leakage and damage of personal information due to hacking or computer viruses, the company installs security programs, regularly updates and inspects them, installs systems in areas where access is controlled from the outside, and monitors and blocks them technically and physically. 5.encryption of personal information The password of the user's personal information is encrypted, stored and managed, and only you can know it, and important data uses separate security functions such as encrypting files and transmission data or using file lock functions. 6. Storage and forgery prevention of connection records Records accessed to the personal information processing system are stored and managed for at least one year, but when personal information is added to more than 50,000 data subjects or when processing unique identification or sensitive information, they are stored and managed for more than two years. In addition, security features are used to prevent forgery, theft, or loss of connection records. 7. Restrictions on Access to Personal Information We take necessary measures to control access to personal information by granting, changing, and canceling access to the database system that processes personal information, and control unauthorized access from outside using an intrusion prevention system. 8. Using locks for document security Documents containing personal information and auxiliary storage media are stored in a safe place with locks. 9. Control of Access to Unauthorized Persons There is a separate physical storage place that stores personal information, and access control procedures are established and operated. Article 8 (Matters concerning the installation and operation of devices that automatically collect personal information and their refusal) ① The company uses a "cookie" that stores usage information and fetches it from time to time to provide individual customized services to users. ② Cookies are small amounts of information sent by the server (http) used to run the website to the user's computer browser and are sometimes stored on hard disks in the user's PC computer. A. Purpose of use of cookies: It is used to provide optimized information to users by visiting each service and website visited by the user and identifying membership registration, service use, type of use, security access, etc. B. Install, operate, and reject cookies: You can reject saving cookies through the Tools at the top of the web browser > Internet Options > Options settings on the Privacy menu. C. Refusing to save cookies may cause difficulties in using customized services. Article 9 (Matters concerning personal information protection officers) ① The company is in charge of handling personal information, and designates a person in charge of personal information protection as follows to handle complaints and remedy damages by data subjects related to personal information processing. ▶ Personal Information Protection Officer Name: Information Security Office Position: Director Contact: ※ You will be connected to the privacy department. ▶ Personal Information Protection Department Department name: Information Security Planning Team Person in charge: Person in charge of personal information protection Contact: ② The data subject may contact the personal information protection officer and the department in charge for any personal information protection inquiries, complaints, damage relief, etc. that have occurred while using the company's service (or business). The company will respond to and process the data subject's inquiries without delay. Article 10 (Department that receives and processes requests for access to personal information) The data subject may request the following departments to view personal information pursuant to Article 35 of the Personal Information Protection Act. The company will try to expedite the data subject's request for personal information access. ▶ Department of receipt and processing of request for access to personal information Department name: Information Security Planning Team Person in charge: Person in charge of personal information protection Contact: Article 11 (Method of remedy for infringement of rights and interests of data subjects) In order to receive relief due to personal information infringement, the data subject may apply for dispute resolution or counseling to the Personal Information Dispute Mediation Committee, the Personal Information Infringement Reporting Center of the Korea Internet & Security Agency, etc. For other reports and counseling of personal information infringement, please contact the following agencies. 1. Personal Information Dispute Mediation Committee: (without country code) 1833-6972 (www.kopico.go.kr ) 2. Personal Information Infringement Reporting Center: (without country code) 118 (privacy.kisa.or.kr ) 3. Supreme Prosecutors' Office: 1301 (www.spo.go.kr ) 4. National Police Agency: 182 (ecrm.cyber.go.kr ) A person who has been infringed on rights or interests due to a disposition or omission made by the head of a public institution against a request under Articles 35 (reading personal information), 36 (correction and deletion of personal information), and 37 (suspension of processing of personal information) of the Personal Information Protection Act may request an administrative trial as prescribed by the Administrative Trial Act. ※ For more information on administrative trials, please refer to the website of the Central Administrative Appeals Commission (www.simpan.go.kr ). Article 12 (Change of Personal Information Processing Policy) ① This privacy policy will take effect on July 1, 2022.