Privacy Policy
BI MATRIX Co., Ltd. (hereinafter referred to as the "Company") complies with the Personal Information Protection Act and related laws to protect the freedom and rights of information subjects. The Company processes personal information lawfully and manages it securely. In accordance with Article 30 of the Personal Information Protection Act, the Company establishes and discloses the following privacy policy to inform information subjects about the procedures and standards for personal information processing and to address related concerns promptly and effectively.
Article 1: Purpose and Items of Personal Information Processing
- The Company processes personal information for the following purposes. The processed personal information will not be used for purposes other than those specified below. If the purpose of use changes, the Company will take necessary measures such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
- 1) Inquiries
· Required Information: Inquiry channel/type, request details, company name, department name, name, email address, mobile phone number
· Purpose: To collect basic information for responding to inquiries and requests
- 2) Newsletter
· Required Information: Company name, name, email address
· Optional Information: Contact number, department name, position, interests
· Purpose: To provide and manage newsletters
- 3) GPT Store
· Required Information: Name, login ID (Google email)
· Purpose: To provide services and manage memberships and data
- 4) Training Applications
· Required Information: Company name, name, email address, mobile phone number
· Purpose: To collect basic information for training applicants
- 5) Recruitment
· Required Information: Name, email address, mobile phone number, education, work experience, address, qualifications
· Purpose: To conduct recruitment processes
- 1) Inquiries
- Users have the right to refuse consent to the collection of required information and may also refuse consent for optional information. However, refusal to consent may result in restrictions on the related services.
Article 2: Retention and Use Period of Personal Information
- Personal information is processed and retained within the retention and use period specified by laws or agreed upon by the information subject at the time of collection.
- Personal information will be retained and used only during the period the service is provided. Upon request for deletion or when the purpose of collection and use is achieved, the information will be immediately destroyed without exception. For recruitment, personal information will be retained for one year from the submission date and then destroyed.
Article 3: Procedures and Methods for Destroying Personal Information
- The Company shall destroy personal information without delay when the retention period has expired, or the purpose of processing has been achieved.
- If personal information must be retained in accordance with other laws despite the expiration of the retention period or the achievement of processing purposes, the information will be stored in a separate database (DB) or moved to a different storage location.
- The procedures and methods for destroying personal information are as follows:
- 1) Destruction Procedures
The Company selects personal information for destruction and obtains approval from the Personal Information Protection Officer to destroy the information within one month.
- 2) Destruction Methods
Personal information stored electronically will be destroyed to ensure it cannot be recovered. Personal information stored in paper documents will be shredded or incinerated.
- 1) Destruction Procedures
Article 4: Provision of Personal Information to Third Parties
- The Company processes personal information of information subjects only within the scope specified for the purposes of processing. Personal information is provided to third parties only with the consent of the information subject or in cases permitted by special provisions of the law, in accordance with Articles 17 and 18 of the Personal Information Protection Act. The Company does not provide personal information to third parties under any other circumstances.
- In accordance with the "Guidelines for Processing and Protecting Personal Information in Emergencies" jointly announced by government agencies, the Company may provide personal information to relevant authorities without the consent of the information subject in urgent situations, such as disasters, infectious diseases, imminent threats to life or physical safety, or significant property loss.
Article 5: Outsourcing of Personal Information Processing
- The Company may outsource the processing of personal information as outlined below to enhance its services. In accordance with relevant laws, the Company ensures that necessary measures are stipulated in outsourcing contracts to ensure the safe management of personal information.
개인정보 처리의 위탁 Entrusted Party (Service Provider) Entrusted Tasks Retention and Use Period Gabia Server management and operation Until the termination of the contract NETPATHY MAILLINK Sending mass emails Within 60 days after use
Article 6: Rights and Obligations of Information Subjects and Methods of Exercise
- Information subjects may exercise their rights, such as requesting access, correction, deletion, or suspension of the processing of their personal information, at any time with the Company.
- The exercise of these rights may be made through written documents, telephone, email, fax, or other means as prescribed in Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take prompt action without delay.
- Rights may also be exercised through a legal representative of the information subject or an authorized agent. In such cases, a power of attorney in the format specified in Form No. 11 of the Public Notice on Methods of Processing Personal Information must be submitted.
- Requests for access to or suspension of the processing of personal information may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.
- Requests for correction or deletion of personal information may not be granted if the collection of such information is mandated by other laws.
- The Company verifies the identity of the requester or their authorized representative when a request for access, correction, deletion, or suspension of processing is made in accordance with the rights of the information subject.
Article 7: Measures to Ensure the Security of Personal Information
The Company takes the following measures to ensure the security of personal information.
- Administrative Measures
① Establishment and implementation of an internal management plan
② Regular training for employees
- 2. Technical Measures
① Management of access rights to personal information processing systems
② Installation of access control systems
③ Installation of security programs
④ Encryption of unique identifiers and other sensitive information
- Physical Measures
① Access control for server rooms and data storage areas
Article 8: Installation, Operation, and Rejection of Automated Information Collection Devices
The Company does not use cookies or similar devices to store and retrieve information about users.
Article 9: Collection, Use, and Rejection of Behavioral Information
The Company does not collect, use, or provide behavioral information for purposes such as online tailored advertising.
Article 10: Personal Information Protection Officer and Staff
- The Company designates the following Personal Information Protection Officer and staff to oversee personal information processing, address information subjects' complaints, and provide remedies for damages related to personal information processing.
- Information subjects may contact the Personal Information Protection Officer and the relevant department for inquiries, complaints, and remedies regarding personal information protection arising from the use of the Company's services (or business). The Company will promptly respond and address such inquiries.
Article 11: Remedies for Rights Infringement
- Information subjects may seek dispute resolution or counseling for privacy infringements by contacting the Personal Information Dispute Mediation Committee, the Korea Internet & Security Agency's Personal Information Infringement Report Center, or other relevant organizations.
- 1) Personal Information Dispute Mediation Committee
· 1833-6972 (www.kopico.go.kr)
- 2) Personal Information Infringement Report Center
· Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
- 3) Supreme Prosecutors’ Office
· 1301 (www.spo.go.kr)
- 4) Cyber Bureau, National Police Agency
· 182 (ecrm.cyber.go.kr)
- 1) Personal Information Dispute Mediation Committee
- If an information subject's rights or interests are infringed due to a disposition or omission by the head of a public institution regarding a request under Articles 35 (Access to Personal Information), 36 (Correction or Deletion of Personal Information), or 37 (Suspension of Personal Information Processing) of the Personal Information Protection Act, the subject may file an administrative appeal under the Administrative Appeals Act.
- 1) Central Administrative Appeals Commission
· 110 (www.simpan.go.kr)
- 1) Central Administrative Appeals Commission
Article 13: Changes to the Privacy Policy
This privacy policy has been effective since September 2024 In the event of additions, deletions, or modifications to the content of the policy, the Company will provide advance notice at least 10 days prior to implementation through its website, including the reasons for and details of the changes. For significant changes, such as third-party provision of personal information, changes in the purposes of collection and use, or retention period, the Company will obtain the user's consent.