WEBCEPH POLICY

Privacy Policy

AssembleCircle Corp. (the "Company") takes the personal information of users who use the website operated by the company (https://webceph.com hereinafter "WebCeph") very seriously and has the following privacy policy. This personal information processing policy will be updated when there is a change in laws or guidelines related to personal information and may change according to changes in the company policy. The company's personal information processing policy contains the following contents.

  1. Collection and use of personal information
  2. Provision of personal information to a third party
  3. Consignment of personal information processing and overseas transfer
  4. Retention/use period and destruction of user personal information
  5. Smartphone app management
  6. Operation and rejection of cookies
  7. User's rights
  8. User's obligations
  9. Technical/administrative protection measures for personal information
  10. Personal Information Protection Officer
  11. Notification obligation

1. Collection and use of personal information

A. The purpose of collecting personal information by the company is to provide optimized and customized services by confirming the user's identity and intention to use the service. When registering as a member for the first time, the Company collects only the minimum information necessary to perform the essential functions of the service, and may additionally collect information necessary for payment, delivery of goods, and refunds according to the use of the service provided by the company.

B. The company does not use personal information for purposes other than collection and use or provide it to a third party without the consent of the user.

C. The company may collect and use personal information for the following purposes. However, if it is inevitable to collect and store resident registration numbers and bank account numbers in accordance with related laws such as the Act on Consumer Protection in E-Commerce Transactions (hereinafter referred to as the ‘Transfer Act'), the Framework Act on National Taxes, and the Electronic Financial Transactions Act, the relevant information may be collected.

Purpose Item Retention period
Confirmation of identity, SSO linkage, contact for notice of violation of policy and change of terms and conditions, confirmation of identity and handling of customer complaints. (Required) Name, ID, password, nickname, mobile phone number, e-mail address, country of origin, alien registration number (for foreigners) Principle: Until membership withdrawal
Records on consumer complaints or dispute settlement: 3 years (previous law)
Order, payment and delivery service (Required) Name, ID, phone number, country, address, email address, bank account information, mobile phone number when paying by mobile phone, cash receipt information when applying for a cash receipt, payment information Withdrawal of contract or subscription: 5 years (previous commercial law)
Records of payment and supply of goods, etc.: 5 years (transfer method)
Books and supporting documents for all transactions stipulated by the tax law: 5 years (Basic National Tax Act)
New service development, customized service provision and marketing, service use statistics and surveys (Optional) Gender, date of birth, mobile phone number, email address Until membership withdrawal
Integrated service operation such as identification, identity verification, age verification, illegal use prevention, customized service, etc. (ID/PW search and WebCeph service) (Required) Name, ID, password, nickname, gender, date of birth, mobile phone number, e-mail address, country, occupation, bio or career, hospital name, hospital address, hospital contact information, CI/DI, i-PIN authentication result, telecommunication company, my/ Foreigner information, service use record, device information Principle: Until membership withdrawal
Record of fraudulent transaction: 1 year
Handling of customs clearance for products directly delivered overseas (Required) Personal customs clearance code Records on import declaration, etc.: 5 years
Purpose Confirmation of identity, SSO linkage, contact for notice of violation of policy and change of terms and conditions, confirmation of identity and handling of customer complaints.
Item (Required) Name, ID, password, nickname, mobile phone number, e-mail address, country of origin, alien registration number (for foreigners)
Retention period Principle: Until membership withdrawal
Records on consumer complaints or dispute settlement: 3 years (previous law)
Purpose Order, payment and delivery service
Item (Required) Name, ID, phone number, country, address, email address, bank account information, mobile phone number when paying by mobile phone, cash receipt information when applying for a cash receipt, payment information
Retention period Withdrawal of contract or subscription: 5 years (previous commercial law)
Records of payment and supply of goods, etc.: 5 years (transfer method)
Books and supporting documents for all transactions stipulated by the tax law: 5 years (Basic National Tax Act)
Purpose New service development, customized service provision and marketing, service use statistics and surveys
Item (Optional) Gender, date of birth, mobile phone number, email address
Retention period Until membership withdrawal
Purpose Integrated service operation such as identification, identity verification, age verification, illegal use prevention, customized service, etc. (ID/PW search and WebCeph service)
Item (Required) Name, ID, password, nickname, gender, date of birth, mobile phone number, e-mail address, country, occupation, bio or career, hospital name, hospital address, hospital contact information, CI/DI, i-PIN authentication result, telecommunication company, my/ Foreigner information, service use record, device information
Retention period Principle: Until membership withdrawal
Record of fraudulent transaction: 1 year
Purpose Handling of customs clearance for products directly delivered overseas
Item (Required) Personal customs clearance code
Retention period Records on import declaration, etc.: 5 years

*Illegal transaction: Refers to a transaction of methods or contents that violate laws and regulations, the terms of service or public order and morals between the company and users, or infringe on the rights or interests of other companies, members, or others.

D. In addition, the following information can be automatically generated and collected, stored, combined, and analyzed during service use or business processing.

  • Use history information such as IP address, date of visit, service use record: prevention of illegal use, prevention of unauthorized use, development of new services and provision of customized services, etc.

E. When collecting user's personal information, the company must obtain the consent of the user unless there is a separate basis under laws and regulations, race, place of origin, place of origin, ideology, political orientation, and criminal records that may infringe on the user's basic human rights., Health status, etc., is not collected unless the consent of the user or in accordance with the provisions of laws and regulations.

F. The company allows members to sign up for members over the age of 19, and does not collect personal information of children who require consent from a legal representative for collection and use of personal information.

G. The company may collect personal information in the following ways.

  1. Homepage, mobile application, mobile webpage, written, fax, telephone, customer service inquiry, event application
  2. Automatic collection through generated information collection tool

H. When collecting personal information, the company divides the minimum personal information necessary for service provision into 'mandatory consent items' and other personal information into 'optional consent items' and prepares a procedure for individual consent to this. The company does not refuse to provide the service because it does not provide personal information other than the minimum personal information required by the user.

2. Provision of personal information to a third party

A. The company uses the personal information of users within the scope notified in 「Collection and Use of Personal Information」, and does not use the user's personal information beyond the scope without prior consent of the user or provide the user's personal information to a third party. However, the following cases are exceptions.

  1. When users have previously consented to disclosure or provision to a third party
  2. In accordance with the provisions of the law, request of the investigating agency and the supervisory authority, procedures and methods prescribed by the law for the purpose of investigation.
  3. Settlement of fees when necessary

B. In addition, if it is necessary to provide personal information to a third party, personal information may be provided to the third party through legitimate procedures such as obtaining the consent of the user. The Company may provide personal information through legitimate procedures such as obtaining user consent if necessary for the user's transaction execution.

C. Users may disagree with the provision of personal information to a third party, and may withdraw their consent to the provision of personal information to a third party at any time. If you refuse to consent, you can still use the membership service, but the use/provision of related services based on the provision of a third party may be restricted. Any changes to the provision of other personal information to a third party will be notified separately.

3. Consignment on processing of personal information and transfer to overseas

The company entrusts the following tasks in relation to personal information processing and takes necessary measures to ensure that personal information on consignment contracts can be safely managed in accordance with relevant laws and regulations. The company considers the trustee's ability to protect personal information when making a consignment contract.

Trustee (country) Commissioned work Items of personal information transferred Transfer date and transfer method Trustee contact information Purpose of use and retention period of trustee
Amazon Web Services Korea LLC(USA) Cloud service Name, ID, password, nickname, gender, date of birth, mobile phone number, e-mail address, country of origin, occupation, bio or career, hospital name, hospital address, hospital contact information, alien registration number, bank account information, cash receipt information, payment information, Information actually collected among CI/DI, i-PIN authentication results, telecommunications companies, domestic/foreigner information, service use records, device information, and personal customs clearance codes When collecting personal information, it is stored in the cloud service 12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141) Cloud service provision, until the end of the consignment contract
Trustee (country) Amazon Web Services Korea LLC(USA)
Commissioned work Cloud service
Items of personal information transferred Name, ID, password, nickname, gender, date of birth, mobile phone number, e-mail address, country of origin, occupation, bio or career, hospital name, hospital address, hospital contact information, alien registration number, bank account information, cash receipt information, payment information, Information actually collected among CI/DI, i-PIN authentication results, telecommunications companies, domestic/foreigner information, service use records, device information, and personal customs clearance codes
Transfer date and transfer method When collecting personal information, it is stored in the cloud service
Trustee contact information 12F, 508, Nonhyeon-ro, Gangnam-gu, Seoul (GS Tower) (06141)
Purpose of use and retention period of trustee Cloud service provision, until the end of the consignment contract

In addition, the company transfers and processes the user's personal information to Korea as follows.

Recipient (country) Purpose of transfer Items of personal information to be transferred Retention period
AssembleCircle Corp.(Republic of Korea) WebCeph service provided Name, ID, password, nickname, gender, date of birth, mobile phone number, e-mail address, country of origin, occupation, bio or career, hospital name, hospital address, hospital contact information, alien registration number, bank account information, cash receipt information, payment information, Information actually collected among CI/DI, i-PIN authentication results, telecommunications companies, domestic/foreigner information, service use records, device information, and personal customs clearance codes Until membership withdrawal
Recipient (country) AssembleCircle Corp.(Republic of Korea)
Purpose of transfer WebCeph service provided
Items of personal information to be transferred Name, ID, password, nickname, gender, date of birth, mobile phone number, e-mail address, country of origin, occupation, bio or career, hospital name, hospital address, hospital contact information, alien registration number, bank account information, cash receipt information, payment information, Information actually collected among CI/DI, i-PIN authentication results, telecommunications companies, domestic/foreigner information, service use records, device information, and personal customs clearance codes
Retention period Until membership withdrawal

4. Retention/use period and destruction of user’s personal information

In principle, the Company retains and uses the user's personal information during the agreed period with the user. When the purpose of collection and use is achieved or when a user requests deletion, the company deletes the personal information without delay. However, the following information is retained for the specified period for the following reasons.

A. Reasons for information preservation according to related laws and company policies

If it is necessary to preserve it in accordance with the provisions of related laws such as the Commercial Act, the personal information of the user is kept in accordance with the laws and regulations and is not used for other purposes such as marketing.

Related laws purpose Items to be collected Retention period
Communications Secret Protection Act Provided upon request by an investigative agency upon receipt of a court warrant Log record, IP, etc. 3 months
Transference Records on consumer complaints or dispute settlement Consumer identification information, dispute handling records, etc. 3 Years
Records on payment and supply of goods, etc. Consumer identification information, contract/subscription withdrawal records, etc. 5 Years
Records on contract or subscription withdrawal, etc. National tax evidence, etc. 10 Years
National Tax Basic Law Calculation of national tax exclusion period Tax base and tax reporting data, etc. 5 Years
Calculation of expiring prescription for national tax collection rights, etc.
VAT law Ledger, tax invoice, import tax invoice, receipt, etc. Tax base of VAT and reporting data of tax amount, etc. 5 Years
Electronic Financial Transaction Act Check electronic financial transaction records Records on electronic financial transactions, information on counterparties, etc. 5 Years
[Related laws : Communications Secret Protection Act]
Purpose Provided upon request by an investigative agency upon receipt of a court warrant
Items to be collected Log record, IP, etc.
Retention period 3 months
[Related laws : Transference]
Purpose Records on consumer complaints or dispute settlement
Items to be collected Consumer identification information, dispute handling records, etc.
Retention period 3 Years
Purpose Records on payment and supply of goods, etc.
Items to be collected Consumer identification information, contract/subscription withdrawal records, etc.
Retention period 5 Years
Purpose Records on contract or subscription withdrawal, etc.
Items to be collected National tax evidence, etc.
Retention period 10 Years
[Related laws : National Tax Basic Law]
Purpose Calculation of national tax exclusion period
Items to be collected Tax base and tax reporting data, etc.
Retention period 5 Years
Purpose Calculation of expiring prescription for national tax collection rights, etc.
Items to be collected Tax base and tax reporting data, etc.
Retention period 5 Years
[Related laws : VAT law]
Purpose Ledger, tax invoice, import tax invoice, receipt, etc.
Items to be collected Tax base of VAT and reporting data of tax amount, etc.
Retention period 5 Years
[Related laws : Electronic Financial Transaction Act]
Purpose Check electronic financial transaction records
Items to be collected Records on electronic financial transactions, information on counterparties, etc.
Retention period 5 Years

B. The period of retention and use of collected personal information is from the signing of the service use contract (member registration) to the termination of the service use contract (including withdrawal application and direct withdrawal). In addition, upon termination of consent, the company deletes the user's personal information without delay, except for data that is stored for a certain period for the reason of retaining the information specified above and instructs the trustee to delete the personal information if the processing of personal information was entrusted to a third party.

C. In accordance with Article 39-6 of the Personal Information Protection Act, the personal information of users who have not used the company's services for one year will be notified in advance and the personal information will be deleted or stored separately. However, if it is necessary to preserve it in accordance with the provisions of related laws, such as the Protection of Communications Secrets Act and the Consumer Protection Act in Electronic Commerce, etc., the personal information of users is kept for a certain period stipulated by the relevant laws.

D. The company shall notify the user about facts, period of storage and management of personal information by means of WebCeph notices, e-mails, etc. to the user 30 days before the separate storage of personal information described in paragraph C. Inform. To this end, the user must provide/edit the correct contact information to the company.

E. Deletion method

User's personal information is deleted without delay after the purpose of collection and use is achieved. Personal information printed on paper is shredded or incinerated and personal information stored in electronic file format is deleted using technical or physical methods that cannot reproduce the record..

5. Smartphone app management

When using the service through a smartphone app, information is collected or transmitted after notifying the user that the user is accessing terminal information within the scope of obtaining consent for collection and use of personal information and obtaining approval. Just because the user has allowed access to the terminal on the app does not mean that all information related to the permission is immediately collected or transmitted. To use the service, the access right of the smartphone app is required or selectively requested from the user, and the user can change it in the 'Settings' menu afterwards. You can check the details of app permission through the app store.

Even if you delete the app on your smartphone, the user's member account is retained, so if you want to withdraw membership, please use the ‘Membership Withdrawal' function on the WebCeph PC webpage or contact the customer center.

6. Operation and rejection of cookies

A. Purpose of use of cookies

1) The company uses ‘cookies’ that store usage information in order to provide personalized services on the Internet site operated by the company. Cookies are small pieces of information that the website server sends to the user's browser and are stored on the user’s computer hard disk.

2) The company can provide specific customized services that are only possible through the use of cookies.

3) The company may use cookies to identify members and to keep members logged in.

B. Installation/operation and rejection of cookies

1) Users have the option of installing cookies. Therefore, the user can allow/reject all cookies by adjusting the options in the web browser, or check each time a cookie is saved.

- How to specify whether to allow the installation of cookies (for Internet Explorer) is as follows.

  • Select [Internet Options] from the [Tools] menu.
  • Click the [Personal Information Tab].
  • You can set the [Personal Information Processing Level].

2) If you refuse to store cookies, some services provided by the company, such as personalized services, may be difficult to use.

3) For details on customized advertisements, please check the link.

7. User's rights

The rights that a member can exercise include the right to read, the right to correct, the right to delete, the right to suspend processing, and the right to withdraw consent.

A. Right to Reading

- Members can immediately access the member's personal information items and contents in the “Account Management” menu of the website at any time.

- If you wish to view additional personal information, such as the purpose of collection and use of personal information, period of retention and use of personal information, status of provision of personal information to a third party, facts and contents of consent to the processing of personal information, please apply at the application page [link] or send an email to admin@assemblecircle.com.

- In the case of each of the reasons below, access may be restricted or denied.

  1. When viewing is prohibited or restricted by law
  2. If there is a risk of harming a person’s the life or physical aspects, or when is a risk of unfairly infringing on the property and other interests of a person

- If you request to view the application page [link] or by e-mail, we will respond within 10 days and grant your access to view. However, in unavoidable circumstances, it may be made available for viewing after 10 days with prior notice, and if the viewing is restricted or rejected, the relevant content will be notified within 10 days.

B. Right to Revise

- Members can access the “Account Management” menu of the website at any time and read and correct the personal information items and contents of the member immediately.

- If additional personal information such as the purpose of collection and use of personal information, period of retention and use of personal information, the status of provision of personal information to a third party, the facts and contents of consent to the processing of personal information, etc., please apply from the application page [link] or send an email to admin@assemblecircle.com to request correction.

- If you apply for correction via the application page [link] or e-mail, you will be notified of the correction result within 10 days.

C. Right to erasure

- Members can access the “Account Management” menu of the website at any time and immediately view and delete your personal information items and contents.

- If you have viewed additional personal information such as, the purpose of collection and use of personal information, period of retention, and use of personal information, status of provision of personal information to a third party, facts and contents of consent to the processing of personal information, and would like to delete a content, please apply from the application page [link] or send an email to admin@assemblecircle.com to request deletion.

- Deletion may be rejected for the following reasons.

  • When the personal information is specified as the object of collection in other laws

- Even if the personal information requested to be deleted is essential information necessary for the provision of the service, deletion may be restricted, and if such personal information needs to be deleted, please use other methods such as withdrawal of membership.

- If you apply for deletion via the application page [link] or e-mail, you will be notified of the deletion result within 10 days. In addition, if the deletion is rejected, we will notify you of the relevant details within 10 days.

D. Right to stop processing

- Members can apply at any time from the application page [link] or send an email to admin@assemblecircle.com to request to stop the processing of personal information.

- However, if there are any of the following reasons, the suspension of processing may be rejected.

  1. If there are special regulations in the law or it is inevitable to comply with legal obligations
  2. When there is a risk of harming a person's life or physical aspects, or unreasonable infringement of a person's property and other interests
  3. If personal information is not processed, it is difficult to perform the contract, which will lead to failure providing services contracted with the information subject, and the information subject does not clearly state his intention to terminate the contract.

- In the case of requesting suspension of the process through the application page [link] or by e-mail, the result of suspension of the process will be notified within 10 days. In addition, if the suspension of the process is rejected, related details will be notified within 10 days.

E. Right to withdraw consent

- Members can withdraw their consent such as comprehensive collection, use, and provision of personal information at any time through the “Account Management” menu of the website and pressing the “Delete Account” button.

- If there is a separate consent for a separate service within the website, and you wish to withdraw your consent only for that consent, please apply from the application page [link] or send an email to admin@assemblecircle.com. Please send your intention to withdraw your consent. For reference, due to the withdrawal, the service may be limited or you may not be able to use some services.

- If you withdraw your consent, personal information collected under the consent will be deleted without delay. However, in the case of personal information collected based on individual laws without consent, consent may be retained and used for the period specified by the relevant laws and ordinances regardless of the withdrawal of consent and will be deleted immediately after the period stipulated by the relevant laws and regulations is over. In addition, if the company is required to preserve the member's personal information according to separate terms and conditions, the processing may be restricted.

8. User's obligations

Users are obligated to protect their personal information, and there is no liability for the company regarding rental, loss of ID, password, media access, etc. The Company is not responsible for any problems caused by leakage of personal information due to problems on the Internet that the Company cannot control despite considerable caution, such as hacking or technological issues that cannot be blocked.

A. Users must keep their personal information up to date, and the user is responsible for any problems arising from the user's incorrect information input.

B. In the case of a member sign-up that impersonates other people's personal information or stolen ID, etc., during processing payment, the user may lose the user's qualifications and may be punished in accordance with relevant laws and regulations.

C. The user is responsible for maintaining the security of the ID, password, etc., and cannot be transferred or lent to a third party. The user is obligated to cooperate with the periodic change of password for security in accordance with the company's privacy policy.

D. After using the company's services, users must close their login account and close the web browser program.

E. Users must comply with other personal information laws such as the 'Information and Communication Network Utilization Promotion and Information Protection Act', 'Personal Information Protection Act', and 'Resident Registration Act'.

9. Technical/administrative protection measures for personal information

The company is taking the following technical/administrative protection measures to ensure safety so that personal information is not lost, stolen, leaked, altered or damaged in processing of users' personal information.

A. Encryption of personal information

User's password is stored and managed by one-way encryption, and personal information can be checked and changed only by the person who knows the password. Password generation rules have been established and applied to avoid using numbers that are easy for others to guess, such as the user's birthday and phone number. Personal information such as resident registration number, foreigner registration number, bank account number and credit card number are encrypted and stored and managed with a secure encryption algorithm.

B. Countermeasures against hacking, etc.

The company operates an intrusion detection and intrusion prevention system 24 hours a day to prevent leakage of the user's personal information due to intrusion of the company's information and communication network such as hacking. In preparation for an emergency, all intrusion detection systems and intrusion prevention systems are operated in a redundant configuration, and sensitive personal information can be safely transmitted over the network through encrypted communication.

C. Minimization and education of personal information handlers

The company restricts the company's personal information handlers to a minimum, and recognizes the importance of personal information protection through administrative measures such as training for personal information handlers.

D. Operation of a department dedicated to personal information protection

The company operates a department dedicated to personal information protection to efficiently protect personal information of the users and strives to promptly correct any problems by checking on the application of the personal information processing policy and the personal information handler.

E. Establishment and implementation of an internal management plan to safely process personal information

F. Installation and operation of access control devices such as an intrusion prevention system to block illegal access to personal information

G. Measures to prevent forgery or alteration of access records

H. Other protective measures necessary to secure the safety of personal information.

10. Personal Information Protection Officer

The company is doing its best to ensure that users can safely use the company's services. Users can report all personal information protection complaints on the use of services to the dedicated department, and the company will respond promptly and faithfully to users' reports.

[Person in charge of personal information protection]

  • Name: Yehyun Kim
  • Affiliation: Security Department
  • Email: admin@assemblecircle.com
  • Phone number: +82-31-697-0499

※ The above contact information is connected to the 'Customer Center for Personal Information Protection'. If you need to report or consult about other personal information infringement, please contact the following organizations.

  • Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972)
  • Personal Information Infringement Report Center (privacy.kisa.or.kr / 118)
  • Supreme Prosecutors' Office Advanced Crime Investigation Center (www.spo.go.kr/ 02-3480-2000)
  • National Police Agency Cyber Bureau (cyberbureau.police.go.kr / 182)

11. Duty of notice

This personal information processing policy may result in addition, deletion, or modification of the contents due to changes in related laws and guidelines or the needs of the company. In this case, we will notify you through the website or e-mail at least 7 days in advance, and if it is difficult to notify in advance, we will notify you without delay. However, if material changes are made, it will be notified at least 30 days in advance, and will be implemented after 30 days, unless otherwise notified. In addition, we may obtain separate consent from customers if necessary, in accordance with relevant laws and regulations.

Announcement Date: August 23, 2021
Effective Date: September 1, 2021