| Name | |
| @ | |
| If you cannot find your e-mail address, please contact the administrator via e-mail. |
| ID | |
| Name | |
| @ | |
| If you cannot find your e-mail address, please contact the administrator via e-mail. |
Kia corporation (hereinafter, “the company”) places a high value on the personal information of its users and makes all efforts to comply with the regulations related to personal information such as 'act on promotion of information and communications network utilization and information protection, etc.'. through this privacy policy, the company informs users how and for what purpose the personal information provided by users is utilized, and about the measures implemented to protect the personal information.
this policy shall be effective from the date of april 22, 2019, and when it is amended by the amendment of relative regulations or by the internal policy of the company, the company will notify through the notice(or individual notification) on the kia studio website(https://studio.kia.com, hereinafter, "website").
1. purpose of collection and use of the personal information
the company shall collect and use the personal information of users for the purposes described below. the collected personal information shall be used only for the purposes below, and when the company wishes to modify the purposes, previous consent of the user will be requested.
①the membership enrollment of the website and its management
confirming the intention to enroll the membership, confirming identification for the provision of membership service, maintaining and managing of membership, compiling the statistics for the use of service, limiting the use of the members who violate the kia studio agreement of kia corp., preventing illegal or unauthorized use of services, delivering notifications, handling complaints, preserving records for the dispute resolution, providing benefits and guidance, confirming the intention to cancel the membership, immediately destroy information after withdrawal
②provision of materials or services
provision of contents, manuals and other information
2. personal information to be collected and methods of collection
① collected information
name, name of company, name of department, telephone number of company, cellular phone number, fax number, e-mail address, id, password, information automatically generated in the course of using the services (contents download records, service use records, access logs, access ip information, etc.)
② methods of collection : human resources data and collection through the membership application procedure of the website
※ users may refuse to consent to the collection and use of personal information, but since such information is essential to the website membership and the provision of related services, membership status and the of services related thereto will not be provided to users who refuse to consent.※ the company does not install and/or operate automatic collection devices of personal information such as cookies.
3. retention of personal information and period of use
the company shall retain and use the personal information of users up until the purposes of collection and use of such information are achieved, and when the purposes of collection and use are achieved due to events such as the withdrawal of membership or the resignation from the company, the personal information shall be destroyed immediately. however, if a user does not log in to the website for a year, the personal information of such user shall be destroyed immediately according to the provisions of paragraph 2 of article 29 of the act on promotion of information and communications network utilization and information protection etc. in the event that the data processor bears a duty to preserve the personal information according to the regulations of the relevant laws, such information shall be kept for the period specified in the relevant regulations as described below. in such cases, the company shall use the personal information to be kept only for the purpose of the storage.
- user log records for the internet use etc., user access location tracking data: 3 months (protection of communications secrets act)
- other communications verification materials: 12 months (protection of communications secrets act)
- records related to contracts or the withdrawal of offers: 5 years (the act on the consumer protection in the electronic commerce etc.)
- records of payments and the supply of goods etc.: 5 years (the act on the consumer protection in the electronic commerce etc.)
- records of complaints of consumers or handling of disputes: 3 years (the act on the consumer protection in the electronic commerce etc.)
- records of labeling and advertisement: 6 months (the act on the consumer protection in the electronic commerce etc.)
- commercial book of the company and the important x-x-documents about business: 10 years (commercial law)
4. destruction of personal information
unless there is the duty to preserve the information according to the provisions of the relative regulations, the company shall immediately destroy the personal information when the purpose of collection and use is achieved in principle. however, if a user does not log in for a year, the personal information of such user shall be destroyed immediately according to the provisions of paragraph 2 of article 29 of the act on promotion of information and communications network utilization and information protection etc. the procedure, deadline and methods of destruction are as follows.
① procedure of destruction
the information entered by users shall be moved to the additional db(in case of paper, additional x-x-documents) after the achievement of the purposes and destroyed after the certain period of storage or immediately. at this time, the personal information moved to the db shall not be used for purposes other than those specified in the relevant laws.
② deadline for destruction
the personal information of users will be destroyed within 5 days from the end of the retention period in the case the retention period lapses, and 5 days from the date upon which the processing of personal information is deemed unnecessary in the case that personal information becomes unnecessary due to events such as the achievement of the purposes of personal information processing, the closing of the relevant services, and/or the termination of business etc.
③ methods of destruction
in case of the electronic files information, technical methods rendering the records not reproducible are applied. personal information printed on paper shall be destroyed using a shredder or through incineration.
5. consignment of personal information processing
the company assigns the processing of the personal information to the external specialized company as below.
| assignee | assigned works |
|---|---|
| ㆍhyundai autoever co., ltd. | system maintenance |
at the time of the execution of relevant agreements with the assignee(s) regarding the assignment of the processing of personal information, the company specifies the prohibition of processing personal information for purposes other than those of the assignment, technical and managerial protection measures, limitation of re-assignment, the purpose and scope of the assigned works and the responsibilities including compensation in the contract, and oversees whether the assignees treat the personal information in a safe manner.
when the contents of assignment or the assignees are changed, the company will make known such change immediately through the privacy policy.
6. assuring the safety of personal information
measures for the technical and managerial protection of personal information
in terms of the treatment of the personal information of its customers, , the company applies the technical and managerial measures for assuring the safety of the information, so as to prevent the loss, theft, leakage, alteration or damage of the personal information.
①technical measures
1) encryption of customer information
the valued personal information of our customers is stored in the db in encrypted from, so that the personal information cannot be used even if the information is disclosed by intrusion.
2) encryption of communications section
for the section where the customers enter and deliver the personal information at the time of joining the membership and logging on the website, the information is safely delivered through ssl.
3) installation of safety solution
for the provision of services and the safe management of the personal information, a vaccine program is installed in the personal information processing system, updated periodically and checked regularly. in preparation for intrusions such as hacking, continuous monitoring is performed by installing the intrusion prevention and detection system.
② managerial measures
1) establishment of personal information management system
for the safe management of the personal information, an internal management system for the personal information is established.
2) operation of a personal information protection committee
the company organizes a committee for personal information protection and holds two or more meetings a year to improve and correct issues regard8hg the operation of the personal information management system and the protection of personal information.
3) management of the personal information processors
for the personal information processors who handle customer information, the company collects the personal information protection declarations and conducts at least 2 personal information protection training sessions a year to emphasize the importance of data processing and to ensure that customer information is handled securely. further, the company controls access rights of personal information processors to minimize unnecessary access to and disclosure of personal information.
7. rights of users and the exercise thereof
① request to review and/or correct personal information
1) users may request to review (copy and print requests included) their personal information collected and stored by the company at any time and request the provision of the status of the company’s use of the personal information or the company’s provision of such information to third parties and the status of the consent(s) they have provided for the collection, use and provision of personal information to the company, and request revisions of any any inaccuracies in their personal information.
2) when users request to review or correct their personal information in person, in writing, by phone or e-mail, the company will take the necessary measures immediately.
3) when users request the correction of errors in their personal information, the information shall not be used or provided to third parties until such corrections are made. and when the information is already provided to third parties, the correction shall be notified to the third party without delay so that corrections may be made.
② withdrawal of consent
1) users may withdraw all or the part of the consent to the collection, use and provision of the personal information at any time.
2) withdrawal of the consent may be made by users themselves by entering their passwords after clicking the 『withdrawal of consent』 or 『withdrawal of membership』 menu on the first screen of website (or the members information change screen after logging), or by contacting the personal information manager in writing, by phone or by e-mail, upon which the company will immediately take any necessary measures such as the destruction of the personal information.
8. personal information manager
① to protect personal information and to handle the dissatisfaction and complaints regarding personal information, the company has appointed a personal information manager as below.
②should users have any inquiries about the protection of personal information, the handling of complaints and the remedy for damages while using the services provided by the company, users may contact the manager or department for personal information management.
in this case, the company will answer to the inquiries promptly and sincerely.
③if users need counseling on the infringement of personal information, users may inquire to the institutions below.
- infringement of personal information report center: (no area code) 118 (privacy.kisa.or.kr)
- personal information dispute mediation committee: (no area code) 118 (privacy.kisa.or.kr)
- cyber crime division of the supreme prosecutor’s office: 02-3480-3573 (www.spo.go.kr)
- cyber crime division of the national police agency: 1566-0112 (www.netan.go.kr)
9. change of the privacy policy
this privacy policy shall be effective from the enforcement date, and if there is any addition, delete and correction of the contents according to the regulations and/or policies, it shall be notified by notice seven days prior to such changes taking effect.