COWAY

1. (1) Particulars of personal information to be collected

   The Company shall collect the following personal information for the use of the company site services of Coway.

   Descriptions	How to collect and use	Particulars to collect and use
   Affiliate propositions	To listen to opinions from and to participate in various fields such as business alliance proposition, advertising affiliate, etc.	(Required) Company name, email, phone number
   News subscription	Service for providing promotional articles	(Required) Email, country, company, occupation

2. (2) The Company may collect personal information in the following ways: The Company shall collect personal information entered directly or written by users when using websites and mobile service (web/app) or through fax, phone, and e-mail, call center, etc., and automatically collect personal information based on the use of smart devices, websites, or apps.

3. (3) Consent items for collection of personal information shall be divided into mandatory consent items for minimum personal information required to provide services and optional consent items for other personal information, and the Company shall prepare a process for providing such consent, respectively. The Company shall not refuse to provide services because of not providing personal information in addition to the minimum necessary personal information.

In this section, we provide the legal grounds on which we rely to process your personal information. Under each legal ground, we explain the purposes for which we collect and use your personal informatio

Provision of Services based on your contractual relationship with us

• -   provide you with the Services
• -   respond to your inquiries

Use of information for legitimate business interests of us and/or third parties

• -   effectively manage our relationship with you through, for example, resolving technical issues and sending you necessary information relating to our Services
• -   effectively manage our business through, for example, generating reports and analyzing the performance of our Services (with regards to the use of aggregated information), auditing our business processes, or using statistics to make informed business decisions.

Where we rely on our legitimate interests, we have carried out a balancing test to document our interests to consider the impact of the processing on individuals and determine whether individuals‘interests outweigh our interests in processing the information. You can obtain more information about this balancing test by using the contact details at the end of the notice.

• -   provide you with news subscription service.
• -   place cookies and use similar technologies in accordance with our Cookies Policy and the information provided to you when those technologies are used.

On other occasions where we ask for your consent, we will use the data for the purposes which we explain each time. In such case that requires your consent, you will have the right to withdraw your consent at any time. To exercise this right, please see the “Your Rights” section below.

We will use your personal information for the purposes we initially collected for, unless we reasonably determine that an additional purpose that is compatible with the initial purpose is necessary. If there is any need to your personal information for any extraneous purpose, we will notify you and explain any legal basis that allows such use.

• - To comply with and to enforce applicable legal requirements; or
  To respond to requests from government or law enforcement

In principle, the Company shall not use users’ personal information or provide it to other persons, companies, or institutions beyond the scope notified in “2. The purpose of the collection and use of personal information.” However, the following cases shall be excluded:

1. (1) Where a user agrees to the provision of personal information to a third party;
2. (2) Where there are special provisions in other laws;
3. (3) Where there is a request from an investigation agency in accordance with the relevant laws or the procedures and methods stipulated in the laws;
4. (4) Where necessary for contract implementation and fee settlement
5. (5) Where necessary for statistical purposes, marketing analysis, or market research and where personal information is processed in a form that cannot identify a specific individual and provided to an external institution, organization, etc.; or
6. (6) Personal information necessary for the implementation of the contract for service provision, which is remarkably difficult to obtain ordinary consent for economic and technical reasons.

1. (1) The company shall outsource personal information as follows to smoothly perform work such as providing better customer service and convenience:

2. (2) If the Company does not use the service related to the work entrusted to an outsourcing company, the user’s personal information shall not be provided to the outsourcing company.

   Outsourcing company	Detailed outsourcing	Period of retention and use of personal information
   Amazon Web Services	Infrastructure management for service provision	Until the end of outsourcing purposes and outsourcing contracts
   Megazone	website management and operation, Information computer processing and maintenance
   LG U+	SMS management and network maintenance

1. (1) In principle, users’ personal information shall be destroyed without delay when the purpose of collection and use of personal information is achieved. However, the following information shall be retained for a specified period for the respective reasons.

2. (2) The company shall keep its member information for a certain period as stipulated by the relevant laws and regulations, if it is necessary to retain such information in accordance with the provisions of relevant laws such as the Commercial Act and the Act on the Consumer Protection in Electronic Commerce, etc. In such a case, the Company shall use the retained information only for the purpose of keeping the information, and the retention periods are as follows:

   1. 1. Records on the cancellation of contracts or orders

      • -   orage basis: Act on the Consumer Protection in Electronic Commerce, etc.
      • -   orage period: Five years

   2. 2. Records on payment and the supply of goods, etc.

      • -   orage basis: Act on the Consumer Protection in Electronic Commerce, etc.
      • -   orage period: Five years

   3. 3. Records on consumer complaints or dispute processing

      • -   orage basis: Act on the Consumer Protection in Electronic Commerce, etc.
      • -   orage period: Three years

   4. 4. Records on visiting websites

      • -   orage basis: Protection of Communications Secrets Act
      • -   orage period: Three months

3. (3) The storage period of the personal information retained in accordance with the Company’s internal policy is as follows:

   1. 1. Where receiving the consent of users individually: An agreed period
   2. 2. Personal information collected when receiving a website affiliate proposition: One month after the completion of termination
   3. 3. Personal information collected when applying for the subscription of website news: Immediately destroy when subscription is canceled

In principle, the Company shall destroy the information without delay after the purpose of collection and use of personal information is achieved. Specific destruction procedures and methods are as follows:

1. (1) Destruction procedures

   1. 1. The information entered for membership registration, etc., shall be transferred to a separate DB after the purpose is achieved (separate filing box for the information in paper) and destroyed after being stored for a certain period in accordance with internal policies and other relevant laws and regulations (refer to “6. The period for retaining and using personal information”).

   2. 2. This personal information shall not be used for any other purpose other than being retained unless otherwise specified by laws.

2. (2) Destruction methods

   1. 1. Personal information printed on paper shall be shredded with a shredder or destroyed through incineration.

   2. 2. Personal information stored in the form of electronic files shall be deleted using a technical method that cannot reproduce the record.

1. (1) Users and their legal representatives may at any time view or modify their registered personal information and may also ask the Company to unsubscribe from membership.

2. (2) A direct view, correction, or withdrawal shall be possible after going through the identity verification process by clicking [Change Personal Information] to view or edit personal information and clicking [Withdraw Membership] to cancel membership (consent withdrawal).

3. (3) If a user contacts the person in charge of personal information protection management in writing, by phone, or e-mail, the Company will take action after checking.

4. (4) When a user requests the correction of any error in personal information, the Company shall not use or provide the personal information until such correction is completed. In addition, if the Company has already provided incorrect personal information to a third party, it will notify the third party of the result of the correction without delay, so that the correction is made to such provided personal information. The Company shall process personal information that has been canceled or deleted at the request of a user or legal representative as specified in “6. The period for retaining and using personal information” and process so that such information cannot be viewed or used for other purposes.

To provide customized services to users, the Company uses cookies to store and retrieve users’ information from time to time. Cookies are a small amount of information sent by the server (HTTP) used to operate the website to users’ computer browsers and may be stored on the hard disk of users’ PC computers. The Company uses cookies for the following purposes:

1. (1) Purposes of using cookies

   1. The Company uses them to provide targeted marketing and personalized service by analyzing the frequency of access and visit time of members and non-members, identifying users’ tastes and interests, tracking traces, and identifying the degree of participation in various events and the number of visits.

2. (2) The installation, operation, and denial of cookies
   Users have options for cookie installation. Therefore, users may accept all cookies by setting options in their web browser, confirm whenever cookies are saved, or refuse to store any cookies. However, if a user refuses to store cookies, some services that require login cannot be used.

   -   Examples for how to refuse cookie settings

   1. ㆍ For Internet Explorer: Go to the “Tools” menu at the top of the web browser > “Internet Options” > “Privacy” > “Settings”

   2. ㆍ For Chrome: Go to the “Settings” menu on the right side of the web browser > “Advanced” at the bottom of the screen > “Privacy and security” setting button > Cookies

The Company takes the following technical/administrative measures to secure stability so that personal information is not lost, stolen, leaked, altered, or damaged in processing users’ personal information:

1. (1) Measures for hacking

   1. The Company does its best to prevent leakage or damage to members’ personal information from hacking or computer viruses. The Company frequently backs up data in preparation for damage to personal information, uses the latest vaccine program to prevent leakage or damage to users’ personal information or data, and ensures that personal information can be safely transmitted over the network through encrypted communication, etc. In addition, the Company controls unauthorized access from outside using an intrusion prevention system, etc., and takes all possible technical and administrative protective measures to secure other system security.

2. (2) Minimization of personal information processing staff and education

   1. The Company limits the personnel processing personal information to persons in charge, grants a separate password for this purpose and updates it regularly, and always emphasizes the observance of the Personal Information Processing Policy by training the persons in charge.

3. (3) Operation of exclusive organization for information privacy

   1. If a problem is found by checking the implementation of the Personal Information Processing Policy and the compliance of persons in charge through the in-house exclusive organization for information privacy, the Company endeavors to correct and rectify the problem immediately. However, the Company shall not be responsible for any problems caused by the leakage of personal information such as IDs, passwords, and real-name authentication values due to users’ negligence or problems on the Internet.

4. (4) Encryption of personal identification information

   1. Real name authentication values, subscription authentication information, phone numbers, account numbers, and addresses that can be personally identified shall be encrypted, stored, and managed, so only the person himself/herself can check and change his/her personal information.

5. (5) Prevention of falsification and alteration of access records

   1. When a personal information handler accesses the personal information processing system and processes personal information, access date and time, processing history, etc., shall be saved, and access records shall be kept in a separate location.

Please accurately input your up-to-date personal information to prevent unexpected accidents. Users shall be responsible for any accidents that occur due to the inaccurate information entered by them, and if a user enters false information, such as by stealing other people’s information, his/her membership may be canceled or his/her use of Coway’s website may be suspended. Users shall be responsible for maintaining the security of the ID and password related to the users’ personal information. In addition to the right to privacy, you also have an obligation to protect yourself and not infringe on the information of others. The Company does not directly ask users about their password in any way, so use great caution to not leak your password to others. Please be careful not to damage other people’s personal information, including postings. If you fail to fulfill this responsibility and damage the information of others, you may be punished by relevant laws and regulations. In particular, be extra careful when online in a public place. The Company has designated a privacy officer and persons in charge of collecting opinions and handling complaints about personal information.

The Company has designated a privacy officer and operates the system as follows to protect customers’ personal information and handle complaints related to personal information:

• -   Privacy Officer: Managing Director Kim Dong-hyun of DX Center
• -   Personal Information Protection Department : Infrastructure Security Team
• -   Urgent submission of personal information

  • ㆍ Contact: 02-2163-4308 (FAX : 02-6480-8240)

  • ㆍ E-Mail : privacy@coway.com

• -   The above contact/e-mail address is a dedicated number to give priority to emergency consultations related to personal information.
• -   For general AS reception/consultation, please use the representative number (1588-5200).
  However, if it is difficult to connect to the emergency contact number, please contact the customer center (1588-5200) or the Kakao Coway customer center, and we will provide a prompt consultation.
• Also, you can resolve disputes or receive consultation regarding personal information infringement through the following organizations:
• -   Privacy Call Center (privacy.kisa.or.kr / 118 without area code)
• -   Personal Information Dispute Mediation Committee (www.kopico.go.kr / 1833-6972 without area code)
• -   Supreme Prosecutors’ Office Cyber Crime Division (www.spo.go.kr / 02-3480-3573)
• -   Korean National Police Agency Cyber Bureau (cyberbureau.police.go.kr / 182 without area code)

[ For European Economic Area (EEA) Residents Only ]
If you are in the EEA (that is in the European Union, Iceland, Liechtenstein or Norway), UK or Switzerland, we will transfer your personal information to the Republic of Korea. We will take appropriate measures, in compliance with applicable laws, to ensure that your personal information remains protected. Such measures include for instance the use of EU approved model clauses (or such equivalent standard contractual clauses as may be approved by data protection authorities outside the EEA e.g. in the UK or Switzerland). To request more information or obtain a copy of the contractual agreements or other safeguards in place, please contact us via email at privacy@coway.co.kr

• -   Notification date : 09.14.2021
• -   Enforcement date : 09.14.2021