In order to protect the personal information of data subjects in accordance with Article 30 of the ‘Personal Information Protection Act’ and to handle related grievances promptly and smoothly, Artience ('https://www.artience.com) has established and disclosed its privacy policy as follows.
[Purpose of processing personal information]
Artience ('https://www.artience.com) processes personal information for the following purposes. The personal information that Artience processes will not be used for any purpose other than the following, and if the purpose of use is changed, all necessary measures such as obtaining separate consent, among others, will be taken in accordance with Article 18 of the ‘Personal Information Protection Act.’
[The period of processing and retaining personal information]
Artience processes and retains personal information within the
period of retention and use of personal information in accordance
with the relevant laws and regulations or within the period of
retention and use of personal information agreed upon when
collecting personal information from the data subject. The
personal information processing and retention period is as
follows:
1. Personal information related to the above is retained and used
for the abovementioned purpose of use for three (3) years from the
date of consent to its collection and use.
2. Grounds for retention: Regulations on the preservation of
inquiries about Artience’s services and job applications.
[Rights and obligations of data subjects and their legal representatives and how to exercise them]
Data subjects may exercise their right to access, correct and
erase personal information, or their right to suspend the
processing thereof at any time.
The above rights can be exercised in writing or by e-mail, fax,
etc. in accordance with Article 41 (1) of the Enforcement Decree
of the ‘Personal Information Protection Act,’ and Artience shall
act on the request without delay.
The above rights can be exercised through the data subject’s legal
representative or a person who has been delegated by the data
subject. In this case, the data subject must submit a power of
attorney in the form of Attachment No. 11 of the ‘Notification of
Methods of Processing Personal Information (No. 2020-7).’
The rights of the data subject to view personal information or
suspend the processing thereof may be restricted in accordance
with Articles 35 (4) and 37 (2) of the ‘Personal Information
Protection Act.’
Requests for the correction or erasure of personal information
cannot be made if the personal information is collected pursuant
to other laws.
Artience checks whether the person who has made a request to
access, correct or erase information or suspend its processing
according to the rights of the data subject is the data subject or
his/her legitimate representative.
[Documenting the particulars of personal information to be processed]
Artience processes the following personal information items of the data subject.
[Collection of personal information through cookies]
Artience uses ‘cookies’ to store and find information about the users from time to time. A cookie is a small amount of information that a website sends to a user's computer browser (Internet Explorer, Chrome, etc.). When a user accesses the website, Artience’s computer reads the contents of the cookies in the browser, finds additional information on the user’s computer, and provides the user with the required services without the additional input of the username, among others. Cookies make it possible to identify the user’s computer, but do not personally identify the user. Users have a choice about cookies. By adjusting the options of their web browser, users have the option of accepting all cookies, receiving a notification that is sent when a cookie is installed, or rejecting all cookies.
[Destruction of personal information]
When the personal information retention period has elapsed or
personal information becomes unnecessary upon achievement of the
purpose of information processing among others, Artience destroys
the user’s personal information without delay.
The procedure and method of destroying the user’s personal
information are as follows:
Destruction procedure
Artience selects personal information for which the reason for destruction has arisen and destroys the personal information with the approval of its privacy officer.
Destruction method
Information in the form of electronic files is destroyed using a
technical method that makes it impossible to retrieve or reproduce
the records.
Personal information printed on paper is shredded with a shredder
or destroyed by incineration.
[Measures to ensure the safety of personal information]
Artience takes the following measures to ensure the safety of its users’ personal information.
Minimization and training of personnel responsible for handling personal information
To ensure the strict management of personal information, Artience appoints a limited number of employees to handle personal information and ensures that only they do such work.
Technical measures against hacking, etc.
To prevent leakages or damages of personal information caused by hacking or computer viruses, Artience (including its website) installs a security program, periodically updates and checks it, installs the relevant system in an area where access is controlled from the outside, and monitors and blocks any risks both technically and physically.
Restrictions on access to personal information
Artience takes all necessary measures to control access to personal information by granting, changing, or canceling access rights to the database system that processes its personal information, and uses an intrusion prevention system to prevent unauthorized access from the outside.
[Privacy Officer]
Artience has appointed a privacy officer to take charge of personal information protection including overall personal information processing, the handling of complaints from data subjects, and the provision of damage relief in relation to the processing of their personal information.
Privacy officer (Company)
Privacy officer (Department)
The data subject may ask the privacy officer of either the Company or the Department (see the abovementioned contact points) for information about all personal information protection measures, complaint handling, damage relief, etc. that occur during his/her use of the service (or business) of Artience. Artience responds to and handles all requests from data subjects without delay.
[Request for access to personal information]
The data subject may file a request for access to his/her personal information pursuant to Article 35 of the ‘Personal Information Protection Act’ to the following department, whereas Artience shall make every effort to promptly process the information access request from the data subject.
Department responsible for receiving and processing requests for personal information access
[Remedies for infringements of rights]
In order to receive relief from personal information infringement, the data subject may apply for dispute resolution or consultation to the Personal Information Dispute Mediation Committee or the Personal Information Infringement Report Center of the Korea Internet & Security Agency. For other reports or consultations about personal information infringements, please contact the following organizations.
[Enforcement date of changes to the privacy policy]
This revised personal information processing policy shall enter into effect on April 20, 2022.