TP
Privacy Policy
TP Privacy Policy
TP Inc. (hereinafter referred to as the "Company") regards the protection of users’ personal information as highly important and the Company establishes and discloses the following Privacy Policy to protect the personal information of data subjects and promptly and smoothly handle complaints upon Personal Information Protection Act Article 30.
The Company has made this Privacy Policy publicly available on the Company's website (www.tp-inc.com) so that it is easily recognizable.
This Privacy Policy is subject to change in accordance with applicable laws and the Company's internal policies, and any revisions to the Privacy Policy will be announced on the Company's website so that anyone can easily check the revisions.
■ Key Personal Information Processing
[Table of Contents]
Article 1 (Purposes of Processing Personal Information)
Article 2 (Processing and Retention of Personal Information)
Article 3 (Provision of Personal Information to Third Parties)
Article 4 (Entrustment of the Processing of Personal Information)
Article 5 (Rights and Obligations of the Data Subject and Legal Representatives and Method of Exercising)
Article 6 (Destruction Methods and Process of Personal Information)
Article 7 (Measures to Ensure Safety of Personal Information)
Article 8 (Privacy Officer)
Article 9 (Request for Access to Personal Information)
Article 10 (Installation and Operation of Visual Data Processing Devices)
Article 11 (Remedies against Infringement of Rights)
Article 12 (Obligation of Notification)
Article 13 (Matters Concerning the Change of the Privacy Policy)
ADDENDUM
Article 1 (Purposes of Processing Personal Information)
The processed personal information shall not be used for any purpose other than the purposes provided below, and if there is any change to such purposes, then the Company shall take necessary measures such as obtaining separate consent within the scope required according to Personal Information Protection Act Article18.
1. Responding to Business Inquiries
Personal information shall be processed for the purpose of contacting and notifying customers to confirm and respond to inquiries relating to products and/or services.
2. Complaint handling
Personal information shall be processed for the purpose of verifying the identity of the complainant, confirming complaints, contacting/notifying for fact finding and reporting processing results, etc.
3. Reporting to the Ethics Reporting Center
Personal information shall be processed for the purpose of verifying the identity of the informant, confirming the contents of the report, contacting/notifying to process the reported complaint and reporting processing results, etc.
Article 2 (Processing and Retention of Personal Information)
① The Company shall process and retain personal information within the period upon relevant laws and regulation or the consent obtained by data subjects at the time of personal information was collected.
② The items of personal information collected and the retention period for each shall be as follows:
③ Notwithstanding the provisions of Para. 1, in the following cases below, personal information may be processed and retained until the relevant incident is closed. If there is discrepancy in period thereof, the longer period shall survive.
1. Records on consumer complaints or dispute resolution: 3 years (Act On The Consumer Protection In Electronic Commerce)
2. In cases of ongoing investigations for violation of applicable laws and regulations: until such investigation is closed
3. In cases where a legal dispute such as a lawsuit is in progress between the data subject and the Company: until the termination of such proceedings is finalized
4. In cases where separate consent is received from the data subject: until the period agreed upon separately
5. In cases where there are special provisions in other laws: until the period stipulated by such other laws
Article 3 (Provision of Personal Information to Third Parties)
① The Company shall process the personal data of the data subject only to the extent specified in Article 1 (Purposes of Processing Personal Information). Personal information shall be provided to third parties only in accordance with Articles 17 and Article 18 of the Personal Information Protection Act, including the consent of the data subject and special provisions of the law.
② The Company does not currently have a history of providing personal information to third parties to fulfill the purposes of Article 1.
③ Personal information may be provided to third parties without the prior consent of the data subject in the following cases:
1. In cases where there are special provisions stipulated in other laws
2. In cases where it is unavoidable to comply legal obligations
3. In cases where it is clearly recognized as urgently necessary for the interests of the life, body, or property of the data subject or a third party
4. In cases where it is necessary to achieve the legitimate interests of the Company and clearly takes precedence over the rights of the data subject ( Restricted to only if it is substantially related to the interests of the processor of the personal information and does not exceed a reasonable scope)
5. In cases where it is urgently necessary for public safety and well-being, such as public health
Article 4 (Entrustment of the Processing of Personal Information)
① The Company does not entrust the processing of personal information to achieve the purpose of Article 1.
② If the processing of personal information is entrusted, the entrusted party, the entrusted content, the period of entrustment, and the contents of the entrustment contract shall be notified through the notice and/or Privacy Policy. Also, prior consent will be obtained if needed.
Article 5 (Rights and Obligations of the Data Subject and Legal Representatives and Method of Exercising)
① Data subject may exercise the following rights related to personal information protection against the Company at any time:
1. Request for access to personal information
2. Request for correction of errors, etc.
3. Request for deletion
4. Request for suspension of processing
② The rights specified in Para. 1 may be exercised in writing, by email, fax, etc. upon Para.1 of Article 41 of Personal Information Protection Act Enforcement Decree and the Company shall take action without delay.
③ In the case of requests for access and suspension of processing of personal information, the rights of the data subject may be restricted in accordance with Para. 4 of Article 35 and Para. 2 of Article 37 of the Personal Information Protection Act.
1. Where access is prohibited or restricted by law
2. Where access may cause harm to other person’s life or body, moreover, infringe other person’s property and interest unreasonably
3. Where access significantly interferes conducting public institution’s following duties:
(a) Imposition, collection or refund of taxes
(b) Evaluation of academic achievements or admission affairs at the schools of each level established under the Elementary and Secondary Education Act and the Higher Education Act, lifelong educational facilities established under the Lifelong Education Act, and other higher educational institutions established under other statutes
(c) Testing and qualification examination regarding academic competence, technical capability, and employment
(d) Ongoing evaluation or decision-making in relation to compensation or grant assessment
(e) Ongoing audit and examination under other statutes
④ The rights specified in Para. 1 may be exercised by a representative, such as a legal representative of the data subject or a person authorized to do so. In this case, a power of attorney must be submitted in the form of Annex No. 11 of the Public Notice of Personal Information Processing Methods.
⑤ A request for correction or deletion of personal information may not be made if the collection of its personal information is enforced by laws and regulations.
⑥ In case where there is a request for access, correction, deletion, or suspension of processing of personal information, the Company shall verify whether the person requesting access, etc., is the data subject itself or its authorized representative.
Article 6 (Destruction Methods and Process of Personal Information)
① The Company shall promptly destroy personal information when it becomes unnecessary, such as upon the expiration of the retention period or the achievement of the processing purpose.
② If there is a need to continue to preserve personal information in accordance with other laws and regulations even though the retention period for which consent was received from data subjects has elapsed or the purpose of processing such personal information has been achieved, the relevant personal information shall be preserved after transferring to a separate database (DB) or other storage place.
③ The procedure and methods for destruction of personal information shall be as below.
1. Destruction Procedure
The Company shall select personal information subject to destruction and destroy such personal information after obtaining approval from the Company’s privacy officer.
2. Destruction Methods
The Company shall destroy personal information recorded and stored in the form of an electronic file through methods so that such information cannot be reproduced, and personal information recorded and stored in paper documents shall be destroyed by either shredding with a shredder or incinerating.
Article 7 (Measures to Ensure Safety of Personal Information)
The Company implements the following measures to ensure the safety of personal information.
1. Administrative measures: establishment and implementation of an internal management plan, regular employee training, etc.
2. Physical measures: access control to computer rooms and data storage rooms, etc.
3. Technical measures: control of access rights to personal information processing systems, installation of access control systems, installation of security programs, etc.
Article 8 (Privacy Officer)
① The Company has designated a privacy officer as below who is responsible for overall handling processing and access of personal information, and handling complaints and damage relief of data subjects and etc.
▶ Privacy officer
Name: Seongi Min
Job title/position: Head/General Manager of the Innovation Force Team
Contact information: 02-3494-9090 (seongi@tp-inc.com)
▶ Privacy Office
Department: Ethics & Internal Audit Team
Name/job title/contact information: Gi-bok Shin/Head of Ethics & Internal Audit Team/02-3494-9642
Department: Innovation Force Team
Name/job title/contact information: Youjin Kim /Staff of the Innovation Force Team /02-3494-9347
② Data subjects may contact a privacy officer or the department in charge regarding all personal-information-protection-related inquiries, handling of complaints, damage relief, etc., that arise while using the Company's services (or business). The Company shall respond to and process inquiries from data subjects without delay.
Article 9 (Request for Access to Personal Information)
The data subject may request access to personal information subject to Article 35 of the Personal Information Protection Act from the following department. The Company shall endeavor to process the data subject's request for access to personal information promptly.
▶ Department in charge of demand for access to personal information
Department: Ethics & Internal Audit Team
Person in charge: Gi-bok Shin
Job title/position: Head/General Manager of the Ethics & Internal Audit Team
Contact information: 02-3494-9642
Department: Innovation Promotion Team
Person in charge: Youjin Kim
Job title/position: Staff/Manager of the Innovation Force Team
Contact information: 02-3494-9347
Article 10 (Installation and Operation of Visual Data Processing Devices)
① The Company installs and operates a fixed visual data processing device for the following purposes in accordance with Para. 1 of Article 25 of the Personal Information Protection Act and Para. 1 of Article 6 of the Enforcement Rules of the Parking Lot Act:
1. Safety and management of facilities and prevention of fire
2. Crime prevention for user safety
3. Prevent vehicle theft and damage in the parking lot
② The installation and operation of fixed visual data processing devices in the Company's facilities are as follows:
③ The Company has a personal image data protection officer to protect the visual data of data subjects and to handle complaints regarding personal visual data as follows:
④ The Company leaves on record and manages matters relating to the personal visual data used out of scope of purpoase, provision to a third party, destruction, access, etc. When the retention period of personal information expires, the data will be permanently deleted (shredded or incinerated in the case of printed materials) in a way that cannot be restored.
⑤ The Company entrusts the installation and management of visual data processing devices as follows. In accordance with the relevant laws and regulations, the entrustment contract stipulates the necessary matters to ensure that personal information is managed safely.
⑥ If the data subject wishes to access, verify the existence of, or delete personal visual data, he or she may request the Company to do so. However, it is limited to personal visual data in which the data subject is photographed and personal visual data clearly necessary for the imminent protection of the data subject's life, body, and property.
⑦ The Company take measures to ensure the safety of personal visual data as follows:
1. Administrative measures: establishment of an internal management plan, control of access to personal visual data, and application of a hierarchy of authority
2. Physical measures: access control and installation of locks to the storage location of personal visual data
3. Technical measures: application of safe storage and transmission technology for personal visual data, keeping processing records
Article 11 (Remedies against Infringement of Rights)
The data subject may apply Personal Information Dispute Resolution Committee, Personal Information Infringement Reporting Center of the Korea Internet Security Agency, etc., for settlement of disputes or counseling for the purpose of remedying infringement of personal information. With regard to other reports and consultation on infringement of personal information, please contact the organizations as below.
▶ Personal Information Infringement Report Center [Korea Internet & Security Agency (KISA)]
- Responsibilities: Report personal information infringement, apply for counseling
- Website: https://privacy.kisa.or.kr
- TEL: (without area code) 118
- Address: (58324) Personal Information Infringement Reporting Center of Korean Internet Security Agency (Bitgaram-dong 301-2) 3F, 9, Jinheung-gil, Naju-si, Jeollanam-do, Korea
▶ Personal Information Dispute Mediation Committee
- Responsibilities: personal information dispute mediation application, collective dispute mediation (civil settlement)
- Website: https://www.kopico.go.kr
- TEL: (without area code) 1833-6972
- Address: (03171) 12F, 209, Sejong-daero, Jongno-gu, Seoul, Korea
▶ Cybercrime Investigation Department, the Prosecutors’ Office: (without area code) paid call 1301 (https://www.spo.go.kr)
▶ Cyber Bureau of the Korean National Police Agency: (without area code) paid call 182 (https://ecrm.cyber.go.kr/minwon/main)
Article 12 (Obligation of Notification)
In cases where the contents of the Privacy Policy are added, deleted, or modified in accordance upon amendments to laws and regulations or the Company's policies, notification shall be provided on the website seven days prior to the revision. However, in the event of a material change to user rights, notification shall be made at least 30 days in advance.
Article 13 (Matters Concerning the Change of the Privacy Policy)
In the event that the Company makes changes to the Privacy Policy, the Company shall post relevant notices on the Company's website and shall keep up posting.
ADDENDUM
Article 1 (Effective Date) This Privacy Policy shall be effective from April 1, 2024.