Privacy Policy

2024.03.20

2024.03.20

Eusu Holdings (hereinafter referred to as the “Company” or “we”) complies with the personal information protection regulations mandated by the relevant laws and regulations of the Republic of Korea, including the Personal Information Protection Act. In adherence to these laws, we have formulated this privacy policy to safeguard the personal information, rights, and interests of our users. Our primary objective is to prevent any unauthorized disclosure or damage to personal information.

The Company discloses this privacy policy on the front page of its website (http://eusu-holdings.com) to ensure it is readily available to users at all times.

Chapter 1: General Provisions

① Definitions

1. The term "personal information" refers to any information related to a living individual, including but not limited to information identifying an individual by their full name, resident registration number, etc., and information that, even if not identifying an individual on its own, can be easily combined with other data to identify them.

2. We value the privacy of our users and adhere to the Personal Information Protection Act.

3. Users will be informed of the purpose and method of using the personal information they provide through the privacy policy, along with the measures taken to protect their personal information.

4. The Company's privacy policy may be amended in accordance with changes in relevant laws and internal operating policies. In the event of such changes, the Company will promptly notify users of the reasons and the contents of the modifications, in compliance with the notification obligation.

② Notification Obligation

1. The Company's privacy policy may be modified based on changes in laws, government guidelines, or the Company's internal policies. Any such changes will adhere to the following notice obligations.

2. The current privacy policy was revised on January 2, 2024. Any additions, deletions, or modifications to the contents will be notified through the website at least 7 days prior to the revision (at least 30 days prior to any significant changes). If alterations in the collection and utilization of personal information, provision to third parties, etc., require consent, a separate consent procedure will be prepared and conducted. The privacy policy is assigned a version number and revision date to facilitate tracking revisions.

- Privacy policy version number: v3.0

- Date of announcement of changes to the privacy policy: January 2, 2024

- Revised privacy policy effective date: January 10, 2024

Chapter 2: Purpose of Collecting and Using Personal Information

① The Company collects personal information to provide various and convenient internet services to customers. Service-related information may be provided through various methods (telephone, notice, mail, etc.) to enhance services based on the collected information

1. Purpose of Collecting Personal Information

A. Personal information is processed to confirm customer inquiries, contact them for fact-finding, and notify them of processing results.

B. Personal information is processed to handle complaints, such as violations of the law, and communicate the results.

② The Company collects personally identifiable information with user consent to enhance the quantity and quality of the service for the user, providing customized services.

③ The Company strives to improve services by studying the demographic distribution, interests, and behavior of users based on personal information obtained through server log files or other surveys.

④ Such information is collected and analyzed in aggregate. Depending on the case, it may be shared with partners in the form of statistical data or processed information. In these cases, it is not possible to identify individuals.

⑤ However, if a customer expresses an intention not to receive service information, the Company will exclude the customer from the target audience for providing information. The Company shall not be liable for any disadvantages caused by not receiving service information due to the exclusion of the customer from the target audience.

Chapter 3: Items and Methods of Collecting Personal Information

① The Company processes only the minimum necessary personal information to receive reports of legal violations and provide other services as outlined below.

1. Items of Personal Information to be Processed

A. Handling customer inquiries: phone number, mobile phone number, email address.

B. Processing legal violation reports: mobile phone number, email address.

2. Information Generated and Collected in the Process of Service Use or Information Processing

A. User's browser type and OS, access logs, access IP information, service usage history, cookies, etc.

② Personal information is collected through site access and use via the website (http://www.eusu-holdings.com/).

Chapter 4: How to Consent to the Collection and Use of Personal Information

① When collecting personal information from customers, we inform them of the purpose of collecting and using personal information. We also detail the entrustment of personal information provision and processing to third parties, adhering to the provisions of relevant laws and regulations. Consent is obtained through explicit agreement or notification in accordance with the privacy policy.

② Customers may provide consent to the collection and use of their personal information, as well as the entrustment of third-party provision and processing, by familiarizing themselves with the details outlined in the Company's privacy policy.

Chapter 5: Retention and Use Period of Personal Information

① Personal information collected with the user's consent is retained and used during the user's engagement with the Company's website and application services via mobile devices. The Company will promptly destroy the collected personal information when the purpose of collecting and using it is achieved, as outlined below:

1. Customer inquiries: Retained for 1 year after processing customer inquiries or immediately destroyed upon customer request.

2. Reporting a violation of the law: Retained for 1 year after processing a report of a violation of the law or immediately destroyed upon customer request.

3. Business abolition or termination of relevant business.

② However, even if the purpose of collecting and using personal information has been achieved, preservation may be necessary in accordance with the provisions of related laws such as the Commercial Act, the Act on Consumer Protection in Electronic Commerce, etc. If the retention period is notified or specified to the user in advance, personal information may be kept accordingly.

Chapter 6: Procedures and Methods for Destroying Personal Information

The Company promptly destroys information once the purpose of collecting and using personal information is achieved, and the destruction procedures and methods are as follows:

① Destruction Procedure

1. Select the personal information for which the reason for destruction has occurred and destroy it in accordance with the internal policy procedure under the responsibility of the personal information protection manager of the Company.

② Destruction Method

1. Personal information stored in the form of electronic files will be deleted using a technical method that prevents the records from being reproduced.

2. Personal information printed on paper will be destroyed through shredding or incineration.

Chapter 7: Sharing and Providing Personal Information We Collect

① In principle, the Company does not provide users' personal information to outside parties. However, exceptions are made in the following cases:

1. When the user has given prior consent.

2. In accordance with the provisions of laws and regulations or when requested by an investigative agency following the procedures and methods outlined in laws and regulations for investigative purposes.

Chapter 8: Outsourcing of Personal Information Processing

① The Company entrusts the processing of personal information to the following companies for the fulfillment of contracts and the provision of services:

1. Fivesenses: The website maintenance

② When entering into a consignment contract, the Company specifies matters related to responsibilities, such as the prohibition of processing personal information beyond the purpose of performing consignment work, technical protection measures, and restrictions on re-consignment. These details are documented in contracts in accordance with the Personal Information Protection Act, and the Company supervises the secure processing of personal information.

③ If there is a change in the contents of the consignment work or the consignee, the Company will promptly disclose such changes through this privacy policy.

Chapter 9: Rights of Users and Legal Representatives and How to Exercise Them

① Users may view or modify their personal information at any time and can request deletion or suspension of processing.

② Users can directly view, modify, or delete their personal information after verifying their identity. They can contact the person in charge of personal information management in writing, by phone, or by email, and the Company will take prompt action.

③ The exercise of rights under Article ① may be done through an agent, such as the legal representative of the information subject or a person who has been delegated. In such cases, a power of attorney in the form of Attachment No. 11 to the "Notification on the Method of Processing Personal Information (No. 2020-7)" must be submitted.

④ A request for correction and deletion of personal information cannot be made if the personal information is specified as the subject of collection in another law.

⑤ The Company shall verify whether the person making the request, such as a request for access, a request for correction or deletion, or a request for suspension of processing, is the individual or a legitimate representative in accordance with the rights of the information subject.

Chapter 10: Request for Access to Personal Information

Users may make a request for access to their personal information pursuant to Article 35 of the Personal Information Protection Act to the department in charge, as listed in Chapter 13. The Company will make every effort to promptly process users’ request for access to personal information.

Chapter 11: Installation, Operation, and Rejection of Automatic Personal Information Collection Devices

① The Company installs and operates a device that automatically collects personal information using 'cookies,' which store and retrieve users’ information periodically. A cookie is a very small text file sent to users’ browser by the server used to operate the Company's website and is stored on users’ computer's hard disk. Cookies identify users’ computer but do not identify users personally.

② Cookies are used to analyze the frequency of access and duration of visits by users, track traces, and identify the number of visits.

③ Users have a choice regarding the installation of cookies. They can either accept all cookies, confirm each time a cookie is saved, or refuse to save all cookies by going to the "Tools" > "Internet Options" tab at the top of their web browser. However, please note that if users refuse to accept cookies, we may not be able to provide them with our services.

Chapter 12: Technical and Administrative Measures to Protect Personal Information

① Technical Measures

1. The Company takes the following technical measures to ensure the safety of personal information so that it is not lost, stolen, leaked, altered, or damaged when processing customers' personal information.

2. The Company employs password protection to safeguard customer's personal information. Additionally, important data is secured through a separate security function by encrypting files and transmission data or utilizing a file lock function (Lock).

3. The Company adopts a security device (SSL or SET) that securely transmits personal information over the network using cryptographic algorithms. In preparation for external intrusions, such as hacking attempts, the Company employs an intrusion prevention system and a vulnerability analysis system for each server to ensure security.

② Administrative Measures

1. The Company restricts access to customers' personal information to a minimum number of individuals, including:

A. Persons who directly deal with customers and perform marketing tasks.

B. Persons who perform personal information management duties, such as the personal information manager and the person in charge.

C. Persons authorized to view personnel information for recruitment purposes.

D. Individuals required to process personal information for other business purposes.

2. Regular in-house and outsourced training is provided to employees handling personal information. This training covers acquiring new security technologies and emphasizes their obligations to protect personal information.

3. All employees pledge to adhere to security measures upon joining the company, preventing information leakage. Internal procedures are established to audit the implementation of the personal information processing (handling) policy and ensure employee compliance.

4. Thorough handovers of duties related to personal information processors are conducted while maintaining security. Responsibilities for personal information incidents are clarified both upon joining and leaving the company.

5. Access Control Measures: Access control measures, including those for computer rooms and data storage rooms, are in place to enhance overall security.

Article 13 Personal information protection manager

① Users may report all complaints related to personal information protection arising from the use of the Company's services to the person in charge of personal information protection or the department in charge. The person in charge of personal information protection will promptly and sufficiently respond to users' reports.

② The Company designates the relevant departments and personal information protection officers as follows to protect customers' personal information and handle complaints related to personal information.

1. Personal information protection manager

- Name: S. Kim

- Team: HCA

- Position: Team manager

- Email: eusu@eusu-holdings.com

- Phone: 02-6716-3000

2. Person in charge of Personal information protection

- Name: G. Lee

- Team: HCA

- Position: Person in Change

- Email: eusu@eusu-holdings.com

- Phone: 02-6716-3000