Privacy Policy
<NSE Co., Ltd.>(hereinafter "the Company") has established the following policy to protect users' personal information and rights in accordance with the Personal Information Protection Act and to efficiently handle user grievances related to personal information. The Company will announce any revisions to the Privacy Policy through website notices (or individual notifications). The composition of each item in this policy is as follows.
1. General Provisions
2. Purpose and Items of Personal Information Collection and Processing
3. Processing and Retention Period of Personal Information
4. Procedures and Methods for Destruction of Personal Information
5. Rights and Obligations of Data Subjects and Legal Representatives and Their Exercise Methods
6. Matters Concerning Third-Party Provision or Outsourcing of Personal Information
7. Matters Concerning Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
8. Measures to Ensure the Safety of Personal Information
9. Personal Information Protection Officer and Department
10. Remedies for Infringement of Data Subject's Rights
11. Changes to Privacy Policy
1. General Provisions
The notation of personal information subjects in this policy is as follows:
- User: Refers to a corporate business, individual business, or individual who has entered into a paid or free service agreement with the Company and uses the Company's services.
- Member: Refers to an employee belonging to the user's business or organization who is subject to and utilizes the services contracted by the user.
- Data Subject: A collective term referring to both users and their members who have provided personal information.
2. Purpose and Items of Personal Information Collection and Processing
The Company processes personal information for the following purposes. The personal information being processed will not be used for purposes other than the following, and if the purpose of use changes, separate prior consent will be obtained in accordance with Article 18 of the "Personal Information Protection Act."
The Company collects and processes the minimum necessary personal information from users and members for the purposes of identity verification, confirmation of complaints and inquiries, notification of processing results, provision of product materials, and service provision. Detailed purposes for each item are stated in the 'Purpose' section of each item below. However, the collection of 'Service Usage Personal Information' may vary depending on the contracted service type. For On-Premise deployments, all information for service use is collected on servers owned/managed by the user, so the Company does not collect the 'Service Usage Personal Information' described in this section.
Service Type |
Collection of Information in Section ③ |
Storage Location of Product Usage Personal Information |
| Cloud-based | Collected | Servers owned/managed by the Company |
| On-Premise | Not collected | Servers owned by each user |
① Personal Information for Promotion, Consultation, and Contracts
| Category | Collection Purpose | Collection Items | Retention and Usage Period |
| Quote and Implementation Inquiries | Product Consultation | (Required) Name, Company Name, Phone Number, Email, Number of Users | 3 months |
| Product Brochure | Delivery of Product Introduction Materials | (Required) Name, Company Name, Email | 3 months |
| Free Trial | Service Free Trial | (Required) Name, Email | Up to 30 days after service termination |
| Technical Support Inquiries | Service-related Technical Support | (Required) Name, Phone Number, Email | 3 months |
| New Product and Service Development | Delivery of Seminar and New Product Information | (Required) Name, Email, Contact Number | Until membership withdrawal or consent withdrawal |
| Marketing and Advertising | Provision of Event and Advertising Information | (Required) Name, Email, Contact Number | 1 year |
② Contract Personal Information [Written]
| Category | Collection Purpose | Collection Items | Retention and Usage Period |
| Contract | Service Contract Conclusion | (Required) Company Name, Contract Period, Product Information (Type, etc.) | 1 year |
③ Service Provision
| Category | Collection Purpose | Collection Items | Retention and Usage Period |
| Member Registration and Management(Account Information) | Verification of membership registration intent, identification and authentication for membership services, maintenance and management of membership qualifications, prevention of service misuse | (Required) ID, Password, Name, Email(Optional) Phone Number | Until membership withdrawal |
| Service Subscription | Payment Information Entry | (Required) Name, Email, Credit Card Number, Card Expiration Date, First 2 Digits of Password, 6-Digit Date of Birth or Business Registration Number | Up to 6 months after termination for payment dispute preparation, until resolution if there are unpaid amounts |
| Payment | Payment Method Change | (Required) Card Number, Card Expiration Date, First 2 Digits of Password, 6-Digit Date of Birth or Business Registration Number | Up to 6 months after termination for payment dispute preparation, until resolution if there are unpaid amounts |
| Initial Administrator Registration | Product Administrator Registration | (Required) Administrator ID, Administrator Email, Password | Up to 30 days after service termination |
| Service Usage | Service Usage Records | (Required-automatically collected) IP Address, Cookie (ID), Visit Time, Service Usage Records, Misuse Records | Up to 30 days after service termination |
3. Processing and Retention Period of Personal Information
The Company processes and retains personal information within the personal information retention and usage period stipulated by law or the personal information retention and usage period consented to by the data subject when collecting personal information. The Company will destroy personal information without delay when the purpose of collecting or receiving personal information has been achieved. However, if there is a need to retain personal information for a certain period for reasons such as those listed below, the personal information will be retained for a certain period and then destroyed.
a. Retention in accordance with relevant laws
The Company retains personal information for a certain period as stipulated by relevant laws such as the Act on Consumer Protection in Electronic Commerce, etc., and internal policies for reasons such as confirming rights and obligations related to transactions.
| Content | Retention Period | Relevant Laws |
| Records on contracts or subscription withdrawals | 5 years | Act on Consumer Protection in Electronic Commerce, etc. |
| Records on payment and supply of goods | 5 years | Act on Consumer Protection in Electronic Commerce, etc. |
| Records on consumer complaints or dispute handling | 3 years | Act on Consumer Protection in Electronic Commerce, etc. |
| Books and supporting documents for all transactions specified by tax law | 5 years | Framework Act on National Taxes |
| Records on electronic financial transactions | 5 years | Electronic Financial Transactions Act |
| Records on collection/processing and use of credit information | 3 years | Act on the Use and Protection of Credit Information |
| Records on display/advertisement | 6 months | Act on Consumer Protection in Electronic Commerce, etc. |
| Service visit records | 3 months | Protection of Communications Secrets Act |
4. Procedures and Methods for Destruction of Personal Information
a. Destruction Procedures
The Company destroys personal information without delay when it becomes unnecessary, such as when the retention period has expired or the purpose of processing has been achieved. The Company selects personal information for which destruction reasons have occurred and destroys it after obtaining approval from the Company's personal information protection officer.
When a member requests account termination or loses membership qualification, unique identifying information is immediately deleted and processed so that it cannot be restored or used in any way or method.
For paid members, automatic termination may cause issues with providing customer support services related to product usage, so guidance on relevant termination procedures can be provided individually through the Company's relevant departments.
In accordance with the Personal Information Protection Act, for members with no usage records, their personal information is separated from active members, securely stored, and destroyed 2 years after the separation date. The Company will also destroy personal information without delay when the purpose of collecting or receiving personal information has been achieved.
b. Destruction Methods
The Company completely deletes personal information recorded and stored in electronic file format using technical or physical methods that prevent reproduction of the records. Personal information recorded and stored on paper documents is destroyed by shredding or incineration.
5. Rights and Obligations of Data Subjects and Legal Representatives and Their Exercise Methods
Users, as data subjects, may exercise the following personal information protection rights at any time:
① Data subjects may exercise rights such as requesting access to, correction of, deletion of, or suspension of processing of personal information from the Company at any time.
② Rights under paragraph 1 may be exercised against the Company through written documents, email, fax, etc., in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
③ The rights under paragraph 1 may be exercised through a legal representative or an authorized agent. In this case, a power of attorney in the format specified in Attachment 11 of the Enforcement Rules of the Personal Information Protection Act must be submitted.
④ The right to access personal information and request suspension of processing may be restricted in accordance with Article 35(5) and Article 37(2) of the Personal Information Protection Act.
⑤ Requests for correction and deletion of personal information cannot be made if the personal information is specified as a collection target in other laws. That is, the Company may refuse access, correction, or deletion of all or part of personal information in the following cases:
1) When access is prohibited or restricted by law
2) When there is concern about harming the life or body of another person or unfairly infringing upon the property and other interests of another person
Additionally, personal information deleted/suspended from processing at the request of the data subject or legal representative is handled in accordance with "3. Processing and Retention Period of Personal Information" and is processed so that it cannot be accessed or used for other purposes.
⑥ When a request for access, correction/deletion, or suspension of processing is made, the Company verifies whether the person making the request is the data subject or a legitimate representative.
6. Matters Concerning Third-Party Provision or Outsourcing of Personal Information
(Third-party Provision) The Company processes personal information only within the scope specified in the purpose of personal information processing and provides personal information to third parties only in cases falling under Articles 17 and 18 of the "Personal Information Protection Act," such as with the consent of the data subject or special provisions of the law, and does not otherwise provide personal information to third parties. However, information may be provided without a separate consent procedure in cases where it is unavoidable to comply with legal provisions or legal obligations, or when requested by public institutions for the performance of their duties as specified by laws and regulations.
(Outsourcing) The Company outsources personal information processing to others for smooth and enhanced services. The Company manages and supervises the outsourced companies to ensure they comply with relevant laws. The outsourcing agencies and the content of outsourced tasks are as follows:
| Recipient | Outsourced Tasks | Provided Items | Retention and Usage Period |
| Credit Card Companies | Service Fee Payment | Payment Information | Until membership withdrawal or termination of outsourcing contract |
7. Matters Concerning Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
① The Company uses 'cookies' to store and periodically retrieve usage information to provide personalized services. Cookies are text files that are automatically transmitted to a member's computer when accessing the Company's site. These cookies are not stored on the PC and are automatically deleted when the browser in use is closed after logout.
Data subjects can set cookie allowance or blocking through web browser option settings. However, if cookie storage is refused, there may be difficulties in using personalized services.
▶ Cookie Allow/Block in Web Browsers
- Chrome: Web Browser Settings > Privacy and Security > Delete Browsing History
- Edge: Web Browser Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data
- Internet Explorer: Web Browser Tools > Internet Options > Privacy > Advanced
▶ Cookie Allow/Block in Mobile Browsers
- Chrome: Mobile Browser Settings > Privacy and Security > Delete Browsing History
- Safari: Mobile Device Settings > Safari > Advanced > Block All Cookies
- Samsung Internet: Mobile Browser Settings > Browsing History > Delete Browsing History
② The exercise of rights under paragraph 1 may be made to the Company through written documents, email, fax, etc., in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, and the Company will take action without delay.
8. Measures to Ensure the Safety of Personal Information
The Company takes the following technical, administrative, and physical measures necessary to ensure safety in accordance with Article 29 of the Personal Information Protection Act.
1. Administrative Measures: Establishment and implementation of internal management plans, operation of dedicated organizations, regular employee training
2. Technical Measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of personal information, installation and updating of security programs
3. Physical Measures: Access control to server rooms, etc.
9. Personal Information Protection Officer and Department
The Company has designated a personal information protection officer as follows to protect customers' personal information and handle complaints related to personal information.
| ▶ Personal Information Protection Officer - Name/Position: Lee Jong-gil, Team Leader - Contact: 070-7805-8055 - Email: jklee@nsetec.com |
▶ Personal Information Protection Department - Department: Technical Support Team - Contact: 070-7805-8055 - Email: jklee@nsetec.com |
10. Remedies for Infringement of Data Subject's Rights
Data subjects can report all personal information protection-related complaints that occur while using the Company's services (or business) to the personal information protection officer or responsible department. The Company will promptly provide a sufficient response to the data subject's report.
If you need to report or consult about other personal information infringements, please contact the following institutions:
| Institution | Website | Phone Number |
| Personal Information Dispute Mediation Committee | http://www.kopico.go.kr | (No Area Code) 1833-6972 |
| Personal Information Infringement Report Center | http://privacy.kisa.or.kr | (No Area Code) 118 |
| Supreme Prosecutors' Office Cyber Investigation Division | http://www.spo.go.kr | (No Area Code) 1301 |
| National Police Agency Cyber Investigation Bureau | http://ecrm.cyber.go.kr | (No Area Code) 182 |
11. Changes to Privacy Policy
This Privacy Policy is effective from the implementation date, and in case of additions, deletions, or corrections to the content due to changes in laws and policies, we will notify you through announcements starting 7 days before the implementation of the changes.
This policy is effective from October 1, 2024.