Privacy Policy

All-Connect Co., Ltd. (hereinafter referred to as the 'Company') values the personal information of users and is making efforts to comply with the 'Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.' and the 'Personal Information Protection Act'. The Company informs you through this personal information handling (processing) policy about how the personal information provided by users is used and what measures are taken to protect personal information. This policy will take effect from May 1, 2024, and if it is revised, we will notify you through the website notice (or individual notice).

General Provisions

'Personal information' refers to information relating to a living individual that can identify the said individual based on the information contained therein, such as name, resident registration number, etc. (including information that cannot identify a specific individual alone, but can be easily combined with other information to identify the individual).

The Company places great importance on the protection of users' personal information and complies with the 'Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.', the 'Personal Information Protection Act', and the 'Personal Information Protection Guidelines' established by the Ministry of the Interior and Safety.

Through this personal information handling (processing) policy, the Company informs you about how the personal information provided by users is used and what measures are taken to protect personal information.

The Company discloses this personal information handling (processing) policy on the first page of the All-Connect website (https://www.all-conec.com) so that users can always view it easily.

The Company has established procedures for continuously improving the personal information handling (processing) policy. And when revising the personal information handling (processing) policy, version numbers are assigned to make it easy to identify the revised contents.

1. Items and methods of collecting personal information to be collected

(1) Items of personal information to be collected

The company collects the following personal information from users when they first join as members or use the service.

▷ Required Items: Name, email, password, occupation, and mobile phone number required for membership registration

You can refuse to consent to the collection and use of required items, but this information is essential for providing the service, so if you refuse consent, you will not be able to register as a member, use the service, or use the website.
The company does not collect sensitive information (information on thoughts/beliefs, membership/withdrawal from labor unions/political parties, political views, health, sex life, etc.) that may significantly infringe on the user's privacy.
The company, in principle, does not collect personal information of users under the age of 14. If it is unavoidable to collect personal information of users under the age of 14 for service use, we will obtain prior consent from the legal representative and promptly destroy the information when the relevant business is completed, and thoroughly manage the personal information during the business process.

(2) Personal Information Collection Methods

▷ Website Registration

The company has established a procedure where users can select 'Agree' or 'Do not agree' for each item in the company's personal information collection and use consent form.

2. Purpose of Collecting and Using Personal Information

The company utilizes the collected personal information for the following purposes.

▷ Member Management and Identity Verification

To verify the identity when processing personal information and when the information subject requests to view, correct, or delete their personal information
To send notices and emails to All-Connect purchasing managers

3. Retention and Use Period of Personal Information

In principle, after the purpose of collecting and using personal information is achieved, the information will be promptly destroyed. However, if it is necessary to keep the information under the relevant laws and regulations, the company will store the member information for a certain period as prescribed by the relevant laws and regulations. In this case, the company will move the personal information to a separate database (DB) or change the storage location to preserve it.

Records related to contracts or withdrawal of applications: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
Records of payment of fees and supply of goods, etc.: 5 years (Act on Consumer Protection in Electronic Commerce, etc.)
Records of consumer complaints or dispute resolution: 3 years (Act on Consumer Protection in Electronic Commerce, etc.)
Records of collection/processing and use of credit information: 3 years (Credit Information Use and Protection Act)
Records of representation/advertisement: 6 months (Act on Consumer Protection in Electronic Commerce, etc.)
Log records of users' internet use/access location tracking data: 3 months (Telecommunications Business Act)
Other communications confirmation data: 6 months (Telecommunications Business Act)

4. Procedures for Destruction of Personal Information and Destruction Methods

The company will promptly destroy the information after the purpose of collecting and using personal information is achieved. The procedures and methods for destruction are as follows.

(1) Destruction Procedure

The user's personal information is moved to a separate DB (or a separate document cabinet in the case of paper) after the purpose is achieved, and is stored for a certain period in accordance with the company's internal policy and other relevant laws and regulations (refer to the retention and use period). Personal information moved to a separate DB is not used for any other purpose other than what is legally required.

(2) Destruction Method

Personal information stored in electronic file form is deleted using technical methods that cannot reproduce the records.

Personal information printed on paper is shredded by a shredder or destroyed by incineration.

5. Provision of Personal Information to Third Parties

The company does not provide users' personal information to outside parties in principle. However, the following are exceptions.

When required by law or for investigation purposes in accordance with the procedures and methods prescribed by law
When necessary for fee settlement for paid services
When providing in a form that cannot identify specific individuals for statistical purposes, academic research, or market research
When the users have given prior consent

※ The companies listed above may be subject to change in the future. If the company changes or provides or shares the user's personal information other than the contents stated, a separate user consent procedure will be followed before providing it.

6. User and Legal Representative's Rights and How to Exercise Them

Users and legal representatives can request the viewing, correction, deletion, processing suspension, and withdrawal of consent of the registered user's or the minor under 14 years of age's personal information at any time. To do this, please use the 'Personal Information Change' (or 'Member Information Modification', etc.) menu on the homepage, or contact the representative phone number or the personal information manager in writing, by phone, or by email, and we will take action without delay.

▷ The company may refuse to view or correct and delete all or part of the personal information in the following cases.

When viewing is prohibited or restricted by law
When there is a risk of harming the life or body of another person or unfairly infringing on the property and other interests of another person

7. Other Policies on Handling Personal Information

(1) Technical and Managerial Measures for Personal Information Protection

In handling users' personal information, the company is taking the following technical and managerial measures to ensure the safety of personal information to prevent loss, theft, leakage, alteration or damage.

▷ Establishment and Implementation of Internal Management Plan

The company has established and is implementing an internal management plan for the safe processing of personal information.
The company is confirming the implementation of personal information protection measures and the compliance of the person in charge through the company's personal information protection dedicated organization, and is immediately correcting any problems found.

▷ Installation and Operation of Access Control Devices

The company is using an intrusion prevention system to control unauthorized access from outside, and is making efforts to equip all possible technical devices to ensure security.

▷ Measures to Prevent Forgery and Alteration of Access Records

The company is storing and managing the records of access to the personal information processing system, and is using security functions to prevent the access records from being forged or altered.

▷ Encryption of Personal Information

Users' personal information is protected by passwords, and files and transmission data are stored and managed by encrypting or using file locking functions, and important data is protected through separate security functions.

▷ Measures against Hacking and Other Threats

The company is taking measures to prevent damage from computer viruses by using antivirus programs. Antivirus programs are updated periodically, and as soon as a sudden virus appears, the company provides it immediately to prevent personal information from being infringed.
The company has adopted a security system (SSL) that can safely transmit personal information over the network using an encryption algorithm.
To prepare for hacking and other external intrusions, the company is taking full security measures by using intrusion prevention systems and vulnerability analysis systems on each server.
Personal information and general data are not stored together, but are stored separately on different servers.
The company limits access rights to users' personal information to those directly engaged in marketing activities, personal information managers and managers, and others whose handling of personal information is unavoidable for business purposes.
The company provides regular in-house training and outsourced training for employees handling personal information on new security technologies and personal information protection obligations.
The company has established internal procedures to audit the implementation of the personal information protection policy and compliance of employees by obtaining security pledges from all new employees.
The handover of duties of personal information handlers is thoroughly carried out in a secure state, and the responsibility for personal information accidents before and after employment is clearly defined.
The computer room, data storage room, and other facilities are designated as special protected areas with access control.

▷ Minimize and train handling staff

The company limits the user's access to personal information to those who perform marketing work directly to the user, those who perform personal information management, such as the person in charge of personal information management, and others who are inevitable to handle personal information for business purposes.
We provide regular in-house training and outsourced training on the acquisition of new security skills and privacy obligations for employees handling personal information.
Through the security protocol of all employees at the time of joining the company, we are preparing internal procedures to prevent leakage of information by people in advance and to audit the implementation of personal information protection policies and compliance of employees.
The transition of personal information-related handlers is thoroughly carried out with security and clarifies responsibility for personal information incidents after joining and leaving the company,
Computation rooms and data storage rooms are set as special protected areas to control access.

(2) Policy on Providing Link Sites

The company may provide users with links to other companies' websites or materials, and users may use products and services developed by third parties through the All-Connect service. (For example, downloading and using applications developed by third parties through All-Connect.) In this case, the company has no control over the third party's websites, materials, products and services, so it cannot be responsible or guarantee the usefulness of the products, services or materials provided by them. When you click on a link included in the company and move to another site's page, the privacy policy of the visited site is irrelevant to the company, so please review the policy of the newly visited site.

(3) Policy on Managing Posts

The company values users' posts and does its best to protect them from alteration, damage, or deletion. However, this is not the case in the following situations.

Spam posts
Posts that spread false information to defame others and damage their reputation
Posts that disclose personal information of others without consent
Posts that infringe on the intellectual property rights or other rights of the company or a third party
Posts that are unrelated to the topic of the bulletin board

※ To promote a desirable bulletin board culture, the company may delete or modify specific parts with symbols when personal information of others is disclosed without consent, and indicate the path to move the content to the appropriate bulletin board if the content can be moved to another topic. In other cases, explicit or individual warnings may be given before deletion. Fundamentally, all rights and responsibilities related to the post belong to the individual author. Also, information voluntarily disclosed through posts is difficult to protect, so please carefully consider before disclosing information.

(4) Policy on Rejecting Unauthorized Collection of Emails

The company refuses the unauthorized collection of email addresses posted on the website by email collection programs or other technical devices. Violation of this may be punished under the 'Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.'

(5) Sending Advertising Information

The company does not send advertising information for commercial purposes against the user's explicit rejection.

If the user has consented to the email delivery of product information, newsletters, etc., the company takes measures so that the user can easily recognize the following in the email subject line and body.

The email subject line may not indicate 'advertisement', but the main content of the email body is displayed.
The email body clearly states the sender's name, email address, and phone number, where the user can easily express their rejection, and specifies how the user can easily express their rejection.

※ When sending advertising information for commercial purposes through means other than email, such as fax or mobile text messages, the company takes necessary measures such as indicating 'advertisement' at the beginning of the content in accordance with the relevant laws and regulations.

8. Information on the Personal Information Manager and Customer Service Department

The company has designated the following departments and personal information managers to protect users' personal information and handle complaints related to personal information.

(1) Personal Information Protection Manager

Name: Lim Seong-jun
Affiliation: All-Connect
Phone: 02-2646-2804
Email: Contact@all-conec.com

(2) Personal Information Manager

Name: Lim Seong-jun
Affiliation: All-Connect
Phone: 02-2646-2804
Email: Contact@all-conec.com

※ Connects to the personal information protection department.

(3) Other Institutions

Users can report all personal information protection-related complaints arising from the use of the company's services to the personal information manager or the responsible department.

The company will promptly provide sufficient answers to users' reports.

If you need to report or consult on other personal information infringements, please contact the following institutions.

Personal Information Infringement Report Center (www.118.or.kr/ 118)
Supreme Prosecutors' Office Cyber Crime Investigation Center (www.spo.go.kr / 02-3480-3600)
Cyber Terror Response Center of the National Police Agency (www.ctrc.go.kr / 02-392-0330)