Article 1 (Purpose of Personal Information Processing)
ELYSIA (https://elysia.kr) processes the personal information with the consent of the person to perform the duties based on the Article 15 (Collection and Use of Personal Information) of [PERSONAL INFORMATION PROTECTION ACT] for the following purposes. Processed personal information shall not be used for other purposes than the following. If the purpose of use is changed, prior consent shall be obtained.
– Purpose of Processing: Real estate brokerage/sales service and marketing activities related to the abovementioned purpose, management of real estate ownership
Article 2 (The Period for Processing and Retaining Personal Information)
Collected personal information controller shall be destroyed without delay when the personal information becomes unnecessary owing to the expiry of the retention period, attainment of the purpose of processing the personal information. Provided, this shall not apply where the retention of such personal information is mandatory by other statutes. Other retention periods are determined in accordance with the [ACT ON THE CONSUMER PROTECTION IN ELECTRONIC COMMERCE, ETC].
– Retention Items: Billing history
– Retention Grounds: Records related to contract or withdrawal of subscription
– Retention period: 3 years
Article 3 (Provision of Personal Information to a Third Party)
ELYSIA handles personal information of users within the scope specified in the Article 1 (Purpose of Personal Information Processing) in principle, and shall not process information beyond the original scope or provide to a third party without prior consent of the user. Provided, personal information may be processed based on the Article 18 (Limitation to Out-of-Purpose Use and Provision of Personal Information) of the [PERSONAL INFORMATION PROTECTION ACT] for the following cases.
– If a user has agreed to provision to a third party and handling in advance
– If provision is required by laws and ordinances
– If the personal information is necessary for the implementation of a contract on the provision of services and it is extremely difficult to obtain normal consent for economic and technical reasons
Article 4 (Outsourcing of Personal Information Processing)
ELYSIA may entrust the personal information processing related to the business with the consent of a user to process the personal information smoothly.
In accordance with the Article 26 (Limitation to Personal Information Processing Subsequent to Outsourcing of Work) of the [PERSONAL INFORMATION PROTECTION ACT], ELYSIA shall specify the prevention of personal information processing for other purposes than the outsourced purpose, technical and managerial safeguards of personal information, prevention of re-consign, management/supervision on the outsourcee and responsibilities including compensation for damage in documents such as contracts and supervise whether an outsourcer handles personal information safely.
Article 5 (Rights and Obligations of Data Subjects and How to Exercise the Rights)
A user can exercise the following rights as a data subject.
1) Request to access to personal information: A data subject may request access to his/her own personal information, which is processed by ELYSIA, according to the Article 35 (Access to Personal Information). Access may be denied according to the same Article for the following cases.
– Where access is prohibited or limited by Acts
– Where ELYSIA rightfully determines that denial of access is justified
2) Request to erase personal information: Correction or erasure of personal information retained by ELYSIA may be requested in accordance with the Article 36 (Correction or Erasure of Personal Information) of the [PERSONAL INFORMATION PROTECTION ACT]. Provided, the erasure is not permitted where the said personal information shall be collected by other statutes.
Article 6 (Particulars of Personal Information to be Processed)
Personal information that ELYSIA collects/processes are as follows:
1) Mandatory: Name, nationality, date of birth, gender, address, mobile phone number, email, login ID, password, cookie, billion history
2) Optional: Account information, additional contact information
Also, following personal information may be automatically created and collected during the use of ELYSIA homepage: User IP, date of visit, service usage record
The information collected and stored automatically will be used for statistical analysis to improve and complement the website and for better communication between the users and the website in order to provide better service to the users. However, in some cases, such information may be submitted in accordance with the provisions of the Act.
Article 7 (Installation, Operation and Rejection of Automatic Personal Information Collection Device)
ELYSIA uses “cookie” which stores and finds user information as often as necessary.
“Cookie” is a small text file sent to a user’s browser by a server used to operate the website and is stored in the hard disk of a user’s computer.
To analyze access frequency and duration of visit of members and non-members, understand user’s preference and field of interest, track the activities, and understand the participation in various events and visit frequency for an index of target marketing and provision of customized service
A user has an option to accept or refuse installation of cookies. A user can choose the options of the web browser to accept all cookies, to receive notice when cookies are installed, or to refuse all cookies.
However, if a user refuses to install cookies, the user may have difficulty in using services provided by ELYSIA.
Article 8 (Destruction of Personal Information)
ELYSIA shall destroy personal information upon the expiry of the retention period or attainment of the purpose of processing the personal information. Provided, this shall not apply where the retention of such personal information is mandatory by other statutes. Destruction procedure, period and method are as follows:
1) Destruction Procedure
Information entered by a user shall be destroyed after a certain retention period upon the expiry of the retention period or attainment of the purpose according to the internal policy and related laws.
2) Destruction Method
(3) Personal information recorded/stored as electronic file shall be destroyed so that records shall not be played, and personal information recorded/stored on papers shall be destroyed using a shredder or incinerated.
Article 9 (Measures to Protect Personal Information)
ELYSIA takes the following measures to ensure the security of personal information.
1) Managing Measures Establishment and implementation of internal management policy
2) Technical Measures Management of system access rights
3) Physical Measures Separate storage of personal information, control of unauthorized access
Article 10 (Privacy Officer)
To protect personal information of members and handle complaints regarding personal information, ELYSIA designates the chief privacy officer as the following according to the Article 31 (Designation of Privacy Officers) of the [PERSONAL INFORMATION PROTECTION ACT].
Privacy Officer of ELYSIA
– Organization: ELYSIA
– Name: Won-jun Cha
– Title: CSO
– Tel.: 010-7102-9382
– E-mail: firstname.lastname@example.org