{"id":397,"date":"2025-04-01T13:41:51","date_gmt":"2025-04-01T04:41:51","guid":{"rendered":"http:\/\/dyauto.manuale.co.kr\/?page_id=246"},"modified":"2025-04-01T13:41:51","modified_gmt":"2025-04-01T04:41:51","slug":"privacy","status":"publish","type":"page","link":"https:\/\/dydeokyang.manualgraphics.com\/en\/privacy\/","title":{"rendered":"Privacy Policy"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\"><strong>Chapter 1. General Provisions<\/strong><\/h3>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 1 (Purpose)<\/strong><\/h5>\n\n\n\n<p>This guideline is established pursuant to Article 29 of the Personal Information Protection Act (duty of safety measures) to define internal management measures. The purpose is to systematically manage personal information handled by the company and to prevent loss, theft, leakage, alteration, damage, misuse, or abuse of such data.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 2 (Scope of Application)<\/strong><\/h5>\n\n\n\n<p>This policy applies to personal information collected, used, provided, or managed both online and offline (e.g., by documents, phone, fax). It applies to all internal employees and external personnel who handle such information.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 3 (Definitions)<\/strong><\/h5>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u201cPersonal Information\u201d: Information identifying a living individual, including name, resident registration number, and video, or information that can be easily combined with other data to identify an individual.<\/li>\n\n\n\n<li>\u201cProcessing\u201d: Collection, creation, recording, storage, retention, editing, use, provision, destruction, etc.<\/li>\n\n\n\n<li>\u201cData Subject\u201d: An individual identifiable through processed data.<\/li>\n\n\n\n<li>\u201cChief Privacy Officer\u201d: Person in charge of overseeing and deciding the processing of personal information under Article 31 of the law.<\/li>\n\n\n\n<li>\u201cHandler of Personal Information\u201d: Person authorized to process personal information under the direction of the CPO.<\/li>\n\n\n\n<li>\u201cPersonal Information Processing System\u201d: A database system designed to handle personal information.<\/li>\n\n\n\n<li>\u201cVideo Surveillance Device\u201d: Includes CCTV and network cameras.<\/li>\n\n\n\n<li>\u201cOperator of Video Surveillance Devices\u201d: Person who installs and operates such devices under Article 25(1).<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 2. Duties and Responsibilities of the Personal Information Protection Officer<\/strong><\/h3>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 4 (Appointment of Chief Privacy Officer)<\/strong><\/h5>\n\n\n\n<p>\u2460\u00a0 The company designates a person in an appropriate executive position as the Chief Privacy Officer in accordance with Article 32(2) of the Enforcement Decree.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Chief Security Officer responsible for establishing and overseeing security operation plans<\/li>\n\n\n\n<li>Head of the department in charge of directing and coordinating overall security operations<\/li>\n<\/ol>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 5 (Duties and Responsibilities of the Personal Information Protection Officer)<\/strong><\/h5>\n\n\n\n<p>\u2460\u00a0 The Personal Information Protection Officer shall perform the following duties to protect the personal information of data subjects:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Establish and implement personal information protection plans<\/li>\n\n\n\n<li>Conduct regular assessments and improvements of personal information processing practices<\/li>\n\n\n\n<li>Handle complaints and provide remedies related to personal information processing<\/li>\n\n\n\n<li>Establish an internal control system to prevent leakage, misuse, and abuse of personal information<\/li>\n\n\n\n<li>Develop and implement training plans on personal information protection<\/li>\n\n\n\n<li>Supervise the protection and management of personal information files<\/li>\n\n\n\n<li>Establish, revise, and implement personal information protection guidelines in accordance with Article 30 of the Act<\/li>\n\n\n\n<li>Manage documents related to personal information protection<\/li>\n\n\n\n<li>Destroy personal information once the processing purpose has been fulfilled or the retention period has expired<\/li>\n<\/ol>\n\n\n\n<p>\u2461 The Personal Information Protection Officer may, if necessary for performing their duties, investigate the current status and system of personal information processing at any time or request reports from relevant personnel.<\/p>\n\n\n\n<p>\u2462 If the Personal Information Protection Officer becomes aware of any violations of this Act or related laws in connection with personal information protection, they must take immediate corrective measures.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 6 (Scope, Duties and Responsibilities of Personal Information Handlers)<\/strong><\/h5>\n\n\n\n<p>\u2460 The scope of personal information handlers is defined as follows:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Individuals who perform tasks involving the processing of personal information of data subjects within DY Deokyang Co., Ltd.<\/li>\n<\/ol>\n\n\n\n<p>\u2461 \u00a0Duties and responsibilities of personal information handlers:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Comply with and implement the internal management plan<\/li>\n\n\n\n<li>Fulfill technical and administrative measures for the protection of personal information<\/li>\n\n\n\n<li>Do not disclose personal information learned in the course of work to third parties<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 3. Technical and Administrative Safeguards for Personal Information<\/strong><\/h3>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 7 (Access Control and Authentication for Personal Information Handlers)<\/strong><\/h5>\n\n\n\n<p>\u2460 Access rights to the personal information processing system shall be granted to personal information handlers only to the minimum extent necessary for their duties, and differentiated based on their job responsibilities.<br>\u2461 In the event of personnel changes such as transfers or resignations, the access rights of the relevant personal information handler must be promptly modified or revoked.<br>\u2462 Records of the granting, modification, or revocation of access rights shall be documented and retained for at least three years.<br>\u2463 When issuing user accounts for accessing the personal information processing system, each personal information handler shall be issued a unique account that must not be shared with others.<br>\u2464 When a personal information handler accesses the personal information processing system via an external network, a secure connection method such as a virtual private network (VPN) or dedicated line must be used.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 8 (Encryption of Personal Information)<\/strong><\/h5>\n\n\n\n<p>\u2460 The company shall encrypt resident registration numbers and passwords using secure encryption algorithms. In particular, passwords must be stored using one-way encryption so that they cannot be decrypted.<br>\u2461 When transmitting personal information via communication networks or external storage media, the data must be encrypted.<br>\u2462 When storing personal information on a work computer (PC), personal information handlers must use commercial encryption software or secure encryption algorithms.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 9 (Prevention of Forgery or Tampering with Access Logs)<\/strong><\/h5>\n\n\n\n<p>\u2460 Access logs of personal information handlers to the personal information processing system must be retained for at least six months.<br>\u2461 These access logs must be securely stored to prevent forgery, tampering, theft, or loss.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 10 (Installation and Operation of Security Programs)<\/strong><\/h5>\n\n\n\n<p>\u2460 The company must install and operate security software such as antivirus programs on personal information processing systems and work computers to prevent and remediate malicious code.<br>\u2461 The automatic update function of security programs must be enabled.<br>\u2462 In the event of security alerts related to malicious code or when software vendors release security updates, those updates must be applied immediately.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 11 (Physical Access Control)<\/strong><\/h5>\n\n\n\n<p>\u2460 If the company maintains physical locations for storing personal information such as server rooms or data archives, access control procedures must be established and implemented.<br>\u2461 Documents or external storage media containing personal information must be stored in a secure, locked location.<br>\u2462 When accessing restricted physical facilities or viewing personal information, access logs and records of reviewed content must be maintained.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 4. Personal Information Protection Training<\/strong><\/h3>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 12 (Establishment of Personal Information Protection Training Plan)<\/strong><\/h5>\n\n\n\n<p>\u2460 The Personal Information Protection Officer shall establish an annual personal information protection training plan that includes the following items and report it to the HR team:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Purpose and target of the training<\/li>\n\n\n\n<li>Training content<\/li>\n\n\n\n<li>Training schedule and methods<\/li>\n<\/ol>\n\n\n\n<p>\u2461 The Personal Information Protection Officer shall strive to raise employee awareness regarding the protection of data subjects\u2019 personal information and shall conduct annual personal information protection training for all employees to proactively prevent the misuse, abuse, or leakage of personal information.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 5. Response to Personal Information Breaches and Remedies<\/strong><\/h3>\n\n\n\n<h5 class=\"wp-block-heading\"><strong>Article 13 (Remedies for Infringement of Rights and Interests)<\/strong><\/h5>\n\n\n\n<p>\u2460 If a data subject has suffered harm due to a violation of personal information rights, they may request dispute resolution or counseling from the Personal Information Dispute Mediation Committee or the Korea Internet &amp; Security Agency\u2019s Personal Information Infringement Report Center. In addition, inquiries regarding the reporting and consultation of personal information infringements can be directed to the following organizations:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Personal Information Dispute Mediation Committee(www.1336.or.kr \/ 1336)<\/li>\n\n\n\n<li>ePrivacy Certification Committee(www.eprivacy.or.kr \/ +82-2-580-0533~4)<\/li>\n\n\n\n<li>Supreme Prosecutors\u2019 Office Cyber Crime Investigation Center(icic.sppo.go.kr \/ +82-2-3480-3600)<\/li>\n\n\n\n<li>National Police Agency Cyber Terror Response Center(www.ctrc.go.kr \/ +82-2-392-0330)<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Chapter 1. General Provisions Article 1 (Purpose) This guideline is established pursuant to Article 29 of the Personal Information Protection Act (duty of safety measures) to define internal management measures. The purpose is to systematically manage personal information handled by the company and to prevent loss, theft, leakage, alteration, damage, misuse, or abuse of such [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"basic.php","meta":{"footnotes":""},"class_list":["post-397","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/dydeokyang.manualgraphics.com\/en\/wp-json\/wp\/v2\/pages\/397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dydeokyang.manualgraphics.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/dydeokyang.manualgraphics.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/dydeokyang.manualgraphics.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dydeokyang.manualgraphics.com\/en\/wp-json\/wp\/v2\/comments?post=397"}],"version-history":[{"count":0,"href":"https:\/\/dydeokyang.manualgraphics.com\/en\/wp-json\/wp\/v2\/pages\/397\/revisions"}],"wp:attachment":[{"href":"https:\/\/dydeokyang.manualgraphics.com\/en\/wp-json\/wp\/v2\/media?parent=397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}