Article 1 (Purpose)
① This Privacy Policy is intended to define how the Company collects, uses, retains, and destroys personal information received via customer inquiries and internal whistleblowing channels. The personal information includes “Name, Contact Number, Email, Subject, and Content” provided during a customer inquiry and similarly provided when using the internal whistleblowing system.
② This policy presents safe personal information management standards in accordance with the rights and interests of data subjects and applicable laws (e.g., the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.).
Article 2 (Items and Methods of Personal Information Collection)
① The Company collects the following personal information:
- Customer Inquiry Information
- Items Collected: Name, Contact Number, Email, Subject, Content
- Collection Method: Direct input or provision by the customer via website, mobile app, telephone, email, etc. when making an inquiry
- Internal Whistleblowing System Information
- Items Collected: Name, Contact Number, Email, Subject, Content
- Collection Method: Through a dedicated webpage, dedicated email, or other offline submission methods for internal whistleblowing
② When collecting personal information, the Company obtains the data subject's consent, and no personal information is collected without such consent.
Article 3 (Purpose of Collecting and Using Personal Information)
The Company utilizes the collected personal information for the following purposes:
- Handling customer inquiries and complaints – Providing prompt and accurate responses to customer inquiries and resolving complaints
- Operation of the internal whistleblowing system – Receiving reports and conducting subsequent investigations regarding internal misconduct, corruption, or unfair practices
- Service improvement and marketing – Enhancing customer services and conducting statistical analyses or research based on the collected information (Note: Statistical and analytical data are processed in a manner that does not identify individuals)
- Legal obligations – Providing information in accordance with relevant laws, regulations, or requests from investigative agencies
Article 4 (Retention and Use Period of Personal Information)
① The Company promptly destroys personal information once the purpose for which it was collected and used is achieved or when the legal retention period has expired.
② However, customer inquiry and complaint-related information is retained for one year after the completion of handling the complaint, and internal whistleblowing system-related information is retained for the period specified by relevant laws (e.g., three years) after the report and its processing are completed.
③ The retention period may vary in accordance with laws, the Company’s internal policies, or separate agreements with the data subjects.
Article 5 (Provision of Personal Information to Third Parties and Outsourcing)
① Provision of Personal Information to Third Parties
- The Company does not provide personal information to any third party without the data subject's prior consent.
- However, the following exceptions apply:
- When it is deemed necessary for the immediate benefit of the data subject’s life, body, or property
- When required by law, such as by investigative agencies or other relevant authorities
② Outsourcing of Personal Information Processing
- The Company may outsource certain tasks related to personal information processing (e.g., customer support, data management) to external professional companies. In such cases, a contractual agreement is established in accordance with the Personal Information Protection Act to ensure secure management.
- The outsourced companies are prohibited from using the personal information for purposes other than those specified and from providing it to third parties. Once the outsourced tasks are completed, the personal information is either returned to the Company or destroyed without delay.
Article 6 (Measures to Secure the Safety of Personal Information)
The Company implements the following technical, administrative, and physical measures to ensure the safe handling of personal information:
- Technical Measures
- Encryption of personal information (using up-to-date security protocols such as SSL/TLS)
- Operation of security systems, including firewalls and intrusion detection systems (IDS), to protect against external intrusions
- Implementation of access control systems and log management frameworks
- Administrative Measures
- Establishment of internal management plans for personal information protection and regular employee training
- Management of access rights to personal information and regular inspections
- Physical Measures
- Control of access to servers and data storage areas containing personal information (through the operation of access control systems)
The Company continuously monitors the latest security technology trends and implements additional supplementary measures as necessary.
Article 7 (Procedure and Methods for Destruction of Personal Information)
① The Company promptly destroys personal information once the retention period has expired or the purpose of processing has been achieved.
② Destruction Procedure
- Personal information for which destruction is warranted is first separated and identified as "Data for Destruction."
- Subsequently, it is destroyed securely in accordance with internal policies and relevant laws.
③ Methods of Destruction
- Electronic Files: Permanently deleted using methods that render recovery or restoration impossible
- Paper Documents: Shredded, incinerated, or otherwise disposed of in a manner that prevents reconstruction
Article 8 (Rights of the Data Subject and How to Exercise Them)
① Data subjects may request to view, correct, delete, or suspend the processing of their personal information at any time.
② To exercise these rights, data subjects may submit a request in writing, by telephone, or via email to the Company’s customer service or the designated Personal Information Protection Officer. The Company will process such requests promptly in accordance with applicable laws.
③ However, if the Company is required to retain the personal information by other laws, such information may be stored for a specified period.
Article 9 (Personal Information Protection Officer and Responsible Department)
① The Company designates a Personal Information Protection Officer and a responsible department to oversee personal information processing as follows:
| Category | Personal Information Protection Officer | Personal Information Protection Manager |
|---|---|---|
| Name/Title | Kyungtae Kim, Officer | Sung-hwan Ahn, Manager |
| Department | Planning Division | IT Planning Team |
| Phone Number | (+82)55-340-2188 | |
| ash1996@unick.co.kr | ||
② Data subjects may direct inquiries, complaints, or requests for remedy regarding personal information matters to the above contact details. The Company will respond promptly and faithfully.
Article 10 (Miscellaneous)
① Matters not specified in this Policy shall be governed by relevant laws and the Company’s internal policies.
② The Company conducts internal audits and regular inspections related to personal information processing to verify compliance with this Policy and to reflect any necessary improvements.
Article 11 (Amendments to the Privacy Policy)
① The contents of this Privacy Policy may be amended in accordance with applicable laws, institutional improvements, or Company policies. In the event of any amendments, the Company will announce the date, reasons, and details of the changes through its website (or other appropriate means).
② The amended Privacy Policy shall take effect from the date of announcement, and data subjects are responsible for periodically reviewing the changes.
Privacy Policy Announcement Date: February 5, 2025
Privacy Policy Effective Date: February 5, 2025
Privacy Policy Version: V1.0
