Privacy Policy

Privacy Policy specifies the purpose of collecting personal information by RUAN PACIFIC INC. (hereinafter referred to as "the Company") and the political, systematic security of such information for protection of personal information. It is established to prevent damages to human rights caused by disclosure of personal information and to secure confidentiality and freedom of the Member's privacy as well as the confidentiality of communications and network.

In accordance with Article 20 of the Personal Information Protection Act, the Company has established and announced the following Privacy Policy so as to protect the personal information of information providers and handle related troubles with efficiency and promptness. The Company informs our Members on how and on what purpose the personal information is used and what actions are taken for protection of personal information in this Privacy Policy.

The Company will inform any changes to the Privacy Policy through the notice of official homepage. Please frequently visit our homepage to check for any change.
When the Company amends the Privacy Policy, it will be notified through the notice of official homepage (or notified to individual Members).

Article 1 Personal Information Collection Items & Purpose of Use

The Company will use the collected personal information for the following purposes. The personal information processed will be used for the purposes specified below, and when the purpose of its use is changed, any necessary measures, including a separate agreement for its use, will be implemented in accordance with Article 18 of the Personal Information Protection Act.

Article 2 Personal Information Retention Period & Period of Use

When receiving the services provided by the Company, the personal information of Members will be retained in the Company and used for service provision. However, when the purpose of collecting and receiving the personal information of Members is achieved, when withdrawal from membership is requested in accordance with the procedure set forth in Article 47 of the Membership Management Rules of the Company, or when the Member's rights are terminated in accordance with the cause(s) defined in Article 48, the relevant personal information will be deleted using a technical method that prevents recovery of such information, and it cannot be read or used for any other purposes.

However, when such information should be retained for a certain period of time for the purpose of checking the relation of rights and duties in relation to the business transactions, in accordance with the applicable laws and ordinances such as the Commercial Law, such information will be retained for the set period.

Records on contracts (agreements) or subscription withdrawal : 5 years

Records on payments and supply of goods/services : 5 years

Records on customer complaints or dispute settlement : 3 years

Prevention of re-registration within 6 months after withdrawal from membership & Distinguishing people not suitable to be the Company's Members in accordance with the internal corporate policy : 3 years

Article 3 Personal Information Provision & Sharing

In principle, the Company will not disclose the Member's personal information to companies and organizations that are irrelevant to the services. However, the personal information can be exceptionally provided without a consent under the following conditions.

① When it is determined that personal information should be provided to take legal actions against the person who violated the Company's Membership Rules, or damaged others or acted against the beautiful and fine custom using the Company's services;
② When it is requested by the investigation agencies for the purpose of conducting investigations in accordance with the procedure and method specified in the law, or for the purpose of the terms set forth in the laws.

Article 4 Consignment of Personal Information Processing & Providing to the Third Parties

For improvement of the services, collection, handling and management of the Member's personal information can be consigned to the consignment company, and upon concluding a consignment agreement in accordance with the applicable laws and ordinances, it is specified for safe management of personal information.

① Upon concluding a consignment agreement, the Company will specify the following matters in the contract documents, including prohibition of handling personal information for purposes other than the purpose of consignment works in accordance with Article 25 of the Personal Information Protection Act; technical and managerial protection policy; restriction of re-consignment; management and supervision of the consignee; and liability of compensation for damages, and will supervise whether the consignee is safely handling the personal information.
② When the consignment work scope or the consignee is changed, it will be immediately informed in the Privacy Policy.

Article 5 Rights/Duties of the Information Provider & Exercising the Rights/Duties

① The information providers can exercise the following rights related to protection of personal information at any time against the Company.

• Request for reading the personal information;
• Request for correction of errors;
• Request for deletion; and
• Request for suspension of information handling.

② Exercising the rights in accordance with Clause 1 can be done in writing and by phone, e-mail or fax, and the Company will immediately take proper actions.
③ When the information providers request for correction of errors in the personal information or for deletion of personal information, the Company will not use the relevant personal information until such correction or deletion is completed.
④ Exercising the rights in accordance with Clause 1 can be done through an agent, including a legal agent of the information provider or any delegating person. In such a case, the power of attorney in accordance with the Appendix 11 Form of the Enforcement Rules of the Personal Information Protection Act should be submitted.
⑤ The information providers should not violate the applicable laws including the Personal Information Protection Act to invade the personal information and privacy of himself/herself and others.

Article 6 Technical & Managerial Actions

① Technical Measures

The Company has come up with the following technical measures in handling the Member's personal information, to prevent loss, theft, leakage, transformation or damage of the personal information and to secure safety.

• The Member's personal information is protected with passwords, and files and transmission data are encrypted or a file lock function is used to protect critical data with a separate security function.
• The Company uses a vaccine program to prevent damages caused by computer viruses.
• The vaccine program is periodically updated, and it is provided as the viruses suddenly appear, preventing the viruses to intrude the personal information.
• The Company uses encryption algorithm and adopts a security device (SSL or SET) to safely send the personal information via network.
• In preparation for external intrusions including hacking, each server is fully protected using the intrusion prevention system (firewall) and vulnerability analysis system.

② Managerial Measures

• The Company restricts the number of users authorized to access the Member's personal information, and regular office training and the training with external instructors regarding acquisition of new security technologies and duties of personal information protection are conducted for the employees handling the personal information.
• Before joining the company, all employees sign the security pledge to prevent disclosure of information by people, and internal procedures are established to monitor whether the employees conform to the Privacy Policy and whether the terms are implemented accordingly.
• The employees handling personal information will transfer his/her works with the security thoroughly maintained, and the employees are responsible for the accidents related to personal information upon entering and leaving the company.
• The Company will not be responsible for user's mistakes or any event caused by the basic danger of Internet.
• The individual Member should reasonably manage his/her ID and password to protect the personal information and the Member should act with responsibility.
• When the personal information is lost, disclosed, transformed or damaged, caused by the internal administrator's mistake or the accident in relation to technical management, the Company will immediately inform the Member and come up with an appropriate action.

Article 7 Personal ID & Password Management

In principle, the ID and password used by the Member are to be used only by such Member. Unless the Company intentionally or negligently uses the information, the Company will not be responsible for the problems arising from illegal use of the Member's ID and password or use by other people. In whatever case, do not reveal the password to others and take special care not to disclose the personal information to others when at login status. When the personal information of others is illegally used for membership registration or purchasing goods/services, the agreement can be unilaterally terminated and the person illegally using the information will be sentenced for 3 years or less, or fined for 10 million won or less in accordance with the Resident Registration Act.

Article 8 Information Protection for the Children under 14

Only the person who is 20 years or older can register as the member of the Company.

Article 9 Personal Information Manager

The Company will be responsible for overall handling of personal information, and the following managers for personal information protection (management & practical task) are assigned for handling complaints of the information providers and damage relief. Any personal information protection related inquiry, complaints handling and damage relief arising from using the Company's services (or business activities) can be dealt by the personal information managers and relevant departments. The Company endeavors to offer you with the best possible answers for the inquiry of information providers.

① Personal Information Manager

• Name : Guk-Sang Choi
• Contact Number : 1661-8235 (Extension no. 3)
• E-mail : webmaster@ruankorea.co.kr

② Hands-on Personal Information Staff

• Name : Gyeong-Ah Kim
• Contact Number : 1661-8235 (Extension no. 1)
• E-mail : webmaster@ruankorea.co.kr

Article 10 Relief of Infringement on Rights and Interests

The information providers can inquire the following organizations for invasion of personal information. The organizations listed below are irrelevant to the Company. Please contact the following organizations to report or consult accidents related to invasion of personal information.

Personal Information Intrusion Declaration Center & Dispute Mediation Committee (under operation by Korea Internet & Security Agency)

• Tasks : Reporting intrusion of personal information, requesting for consultation and applying for dispute mediation
• Homepage: privacy.kisa.or.kr
• Contact Number: (without area code) 118
• Address: (138-950) KISA, 135 Jungdae-ro, Songpa-gu, Seoul

Personal Information Intrusion Declaration Center

• Cybercrime Investigation Department of the Prosecution Service: 02-3480-3573 (www.spo.go.kr)
• Cyber Terror Response Center of the National Police Agency: 1566-0112 (www.netan.go.kr)

For further consultation in relation to infringement/damages of personal information, contact the Personal Information Intrusion Declaration Center inside KISA (http://www.cyberprivacy.or.kr; Contact Number: 1336).

Article 11 Change of the Privacy Policy

• Privacy Policy: v1.0
• The Privacy Policy will be applied from May 4th, 2012.