Privacy Policy

N&PK (the “Company”) establishes the following Privacy Policy in accordance with the Personal Information Protection Act to protect users’ personal information and rights, and to ensure the smooth handling of any complaints related to personal information. The Company will notify users of any revisions to this Privacy Policy through website announcements (or individual notices).

1. Purpose of Personal Information Processing

The Company processes personal information for the purposes of website membership registration and management, handling civil affairs, providing goods or services, and utilizing such information for marketing and advertising activities. The processed personal information will not be used for any purposes other than those specified, and if there is any change in the purpose of use, the Company will obtain the user’s prior consent.

2. Home page membership registration and management

The Company processes personal information for the purposes of verifying the user’s intention to register, identifying and authenticating members for membership-based services, maintaining and managing membership status, implementing limited identity verification as required by law, preventing fraudulent use of services, confirming the consent of legal guardians when collecting personal information from children under the age of 14, providing various notifications and announcements, handling complaints, and keeping records for dispute resolution.

3. Handling Civil Affairs

The Company processes personal information for the purposes of verifying the identity of the complainant, confirming the details of the complaint, contacting and notifying individuals for fact-checking, and providing notifications of the results of the complaint handling process.

4. Provision of Goods or Services

The Company processes personal information for the purposes of providing services, issuing invoices, delivering content, offering personalized services, verifying identity and age, and processing payments and settlements.

5. Use for Marketing and Advertising Purposes

The Company processes personal information for the purposes of developing new products and customized services, providing event and promotional information and participation opportunities, offering services and advertisements based on demographic characteristics, verifying the effectiveness of services, analyzing access frequency, and compiling statistics on members’ service usage.

6. Provision of Personal Information to Third Parties

1. The Company processes personal information only within the scope specified in Article 1 (Purpose of Personal Information Processing), and provides personal information to third parties only in cases that fall under Article 17 and Article 18 of the Personal Information Protection Act, such as when the data subject has given consent or when it is specifically permitted by law.
2. The Company provides personal information to third parties as follows.
   • a. Recipient of Personal Information: Financial institutions and related partners for real-name verification.
   • b. Purpose of Use by the Recipient: Operation of overseas remittance services.
   • c. Items of Personal Information Provided: Name, address, date of birth, occupation, employer’s name, contact information, nationality, resident registration number, source of funds, purpose of remittance, and other information necessary for the provision of overseas remittance services.
   • d. Retention and Use Period by the Recipient: During the transaction period in accordance with the overseas remittance partnership agreement.

7. Status of Personal Information Files

▪ Items of Personal Information: Home address, password question and answer, password, date of birth, home telephone number, gender, login ID, mobile phone number, name, email address, company name, position, company phone number, occupation, department, anniversary date, bank account information, payment records, access IP information, cookies, service usage records, access logs, legal representative’s mobile phone number, legal representative’s home address, legal representative’s home phone number, and legal representative’s name.

▪ Method of Collection: Through the website and automated tools that collect generated information.
▪ Basis for Retention: Consent of the data subject.
▪ Retention Period: Permanent.
▪ Relevant Laws and Regulations: Records related to consumer complaints or dispute resolution – 3 years; records related to the collection, processing, and use of credit information – 3 years; records related to payment and the supply of goods or services – 5 years; records related to contracts or withdrawal of offers – 5 years; records related to labeling and advertising – 6 months.

8. Entrustment of Personal Information Processing

1. The Company entrusts the processing of personal information to external service providers as follows in order to ensure the smooth handling of personal information-related tasks.
2. When entering into an entrustment agreement, the Company specifies in the contract or other written documents, in accordance with Article 25 of the Personal Information Protection Act, matters concerning the prohibition of processing personal information for purposes other than the entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and liability for damages. The Company also supervises the trustee to ensure that personal information is handled safely.
3. If there are any changes to the details of the entrusted tasks or to the trustee, the Company will promptly disclose such changes through this Privacy Policy.

9. Rights and Obligations of Data Subjects and How to Exercise Them

1. Data subjects may, at any time, exercise the following rights related to the protection of their personal information with respect to the Company.
   • (a) Request to access personal information
   • (b) Request for correction in case of any errors
   • (c) Request for deletion
   • (d) Request to suspend processing
2. The exercise of rights under Paragraph 1 may be carried out with respect to the Company through written request, email, or fax, in accordance with Form No. 8 of the Enforcement Rule of the Personal Information Protection Act. The Company will take prompt action upon receiving such requests.
3. If a data subject requests correction or deletion of personal information due to errors, the Company will not use or provide the relevant personal information until the correction or deletion is completed.
4. The exercise of rights under Paragraph 1 may also be carried out through a legal representative or an authorized agent of the data subject. In such cases, a power of attorney must be submitted in accordance with Form No. 11 of the Enforcement Rule of the Personal Information Protection Act.

10. Items of Personal Information Processed

The Company processes the following items of personal information.

1. Website Membership Registration and Management
   Required Items: Home address, password question and answer, password, date of birth, home telephone number, gender, login ID, mobile phone number, name, email address, company name, position, company telephone number, occupation, department, anniversary date, bank account information, payment records, access IP information, cookies, service usage records, access logs, legal representative’s mobile phone number, legal representative’s home address, legal representative’s home telephone number, and legal representative’s name.
2. Handling of Civil Complaints
   Required items: Home address, password question and answer, password, date of birth, home phone number, gender, login ID, mobile phone number, name, email address, company name, position, company phone number, occupation, department, anniversary date, bank account information, payment records, access IP information, cookies, service usage records, access logs, legal representative’s mobile phone number, legal representative’s home address, legal representative’s home phone number, and legal representative’s name.
3. Provision of Goods or Services
   Required items: Home address, password question and answer, password, date of birth, home phone number, gender, login ID, mobile phone number, name, email address, company name, position, company phone number, occupation, department, anniversary date, bank account information, payment records, access IP information, cookies, service usage records, access logs, legal representative’s mobile phone number, legal representative’s home address, legal representative’s home phone number, and legal representative’s name.
4. Utilization for Marketing and Advertising
   Required items: Home address, password question and answer, password, date of birth, home phone number, gender, login ID, mobile phone number, name, email address, company name, position, company phone number, occupation, department, anniversary date, bank account information, payment records, access IP information, cookies, service usage records, access logs, legal representative’s mobile phone number, legal representative’s home address, legal representative’s home phone number, and legal representative’s name.

11. Destruction of Personal Information

In principle, the Company promptly destroys personal information when the purpose of processing has been achieved. The procedures, deadlines, and methods of destruction are as follows.

1. Destruction Procedure
   Information entered by users is transferred to a separate database (or stored in a separate document in the case of paper records) after the purpose of use has been achieved and is retained for a certain period of time in accordance with internal policies and other relevant laws and regulations, or destroyed immediately. Personal information transferred to a separate database will not be used for any purpose other than that specified by law.
2. Destruction Deadline
   When the retention period of personal information has expired, the Company destroys the personal information within five (5) days from the end date of the retention period. In cases where personal information has become unnecessary, such as when the purpose of processing has been achieved, the relevant service has been discontinued, or the business has been terminated, the personal information will be destroyed within five (5) days from the date it is deemed no longer necessary to retain the information.
3. Destruction Method
   Personal information in electronic file format is deleted using technical methods that make the records irrecoverable. Personal information printed on paper is destroyed by shredding or incineration.

12. Measures to Ensure the Security of Personal Information

In accordance with Article 29 of the Personal Information Protection Act, the Company implements the following technical, managerial, and physical measures necessary to ensure the security of personal information.

1. Minimization and Training of Personnel Handling Personal Information
   The Company designates specific employees to handle personal information and limits the number of such personnel to the minimum necessary, implementing measures to manage personal information securely.
2. Regular Internal Audits
   To ensure the security of personal information handling, the Company conducts regular internal audits on a quarterly basis.
3. Establishment and Implementation of an Internal Management Plan
   The Company establishes and implements an internal management plan to ensure the secure handling of personal information.
4. Encryption of Personal Information
   User passwords are encrypted and stored in a way that only the individual user can know. Important data is protected through separate security functions such as encrypting files and transmission data or using file lock features.

13. Technical Measures Against Hacking and Other Threats

To prevent the leakage or damage of personal information caused by hacking or computer viruses, the Company installs security programs, conducts regular updates and inspections, and installs systems in areas with restricted external access. The Company also monitors and blocks unauthorized access both technically and physically.

14. Access Restriction to Personal Information

The Company takes necessary measures to control access to personal information by granting, modifying, or revoking access rights to the database systems that process personal information. In addition, the Company uses intrusion prevention systems to block unauthorized external access.

15. Retention and Protection of Access Logs

The Company retains and manages access records to the personal information processing system for at least six months, and uses security features to prevent the access logs from being tampered with, stolen, or lost.

16. Use of Locks for Document Security

Documents and auxiliary storage media containing personal information are stored in secure locations equipped with locking devices.

17. cess Control for Unauthorized Personnel

The Company maintains separate physical storage areas for personal information and has established and operates access control procedures for these areas.

18. Designation of Personal Information Protection Officer

1. The Company is responsible for the overall management of personal information processing and has designated a Personal Information Protection Officer as follows to handle complaints and provide remedies related to the processing of personal information.
   Personal Information Protection Officer
   Name: Head of Sales Department, N&PK Co., Ltd.
   Contact Information:: Phone 02-755-6321 Fax 02-755-6320
2. Data subjects may contact the Personal Information Protection Officer and the relevant department for any inquiries, complaints, or requests for remedies related to personal information that occur while using the Company’s services (or business). The Company will respond to and process such inquiries without delay.

19. Changes to the Privacy Policy

This Privacy Policy shall take effect from the effective date, and if there are any additions, deletions, or modifications according to laws or internal policies, the Company will notify such changes through a notice at least seven (7) days prior to the effective date of the changes.