LORDPASS Personal Information Processing Policy
Article 1 General Provisions
LORDPASS, a digital distributed identification service operated by Lord System Co., Ltd. (hereinafter referred to as the "Company"), actively protects users' information and complies with the Personal Information Protection Act and other related laws and regulations to inform users of how their personal information is collected and used, and has established and complies with the "Personal Information Processing Policy."
LORDPASS Personal Information Processing Policy may be changed in accordance with changes in related laws, guidelines, and our company's internal operating policies, and in the event of changes to the Personal Information Processing Policy, we will notify users in the manner specified in the related laws and the "Mobile Passport Authentication" Service Terms of Use.
Article 2 Purpose of collection and use of personal information and items of personal information collected
1. Purpose of collection and use
① Establishment of a contract for provision of the "mobile passport authentication" service (identification of the person and confirmation of the person's intent)
② Implementation of the "mobile passport authentication" service (service history inquiry, processing, and notice delivery)
③ Implementation of the "adult authentication" service (adult status inquiry)
④ Use of services of the company and other affiliated/partner companies
2. Personal information items
① Personal information items collected upon membership registration
A. Passport information (all required information)
- Required information: passport number, passport name, date of birth, nationality, gender, passport type, date of issue and expiration date, passport status (authentication of passport, residence qualification authentication), passport copy taken of the actual passport, member photo in the actual passport, facial recognition information
Article 3 Personal information collection method and confirmation method
1.The "Company" collects the user's personal information in the following ways.
① APP, email, bulletin board, etc.
② Collection of generated information through log analysis program
2. Method of verifying passport authenticity and foreigner residence information
① When registering a passport, use passport information to verify passport authenticity and foreigner residence information using the following methods.
- Ministry of Justice Hi Korea (www.hikorea.go.kr), Ministry of Foreign Affairs (Civil Service 24) (www.passport.go.kr), Korea Customs Service TaxRefund exclusive network
Article 4 Retention and Use Period of Personal Information, Destruction of Personal Information
1. Retention and Use Period of Personal Information
① Retention and Use Period of Personal Information
The Company retains and uses personal information until the purpose of collection and use of personal information is achieved or up to 1 year after withdrawal of membership
(However, in cases where preservation is necessary due to the provisions of relevant laws and regulations and where prior consent has been obtained, up to the relevant retention period)
② Retention and Use Period of Personal Information in accordance with relevant laws and regulations
A. Records on contracts or withdrawal of subscription, etc.: Retention period 5 years (Consumer Protection in E-commerce, etc. Act)
B. Records on consumer complaints or dispute resolution: Retention period 3 years (Consumer Protection in E-commerce, etc. Act)
C. Records on displays and advertisements: Retention period 6 months (Consumer Protection in E-commerce, etc. Act)
③ Long-term unused accounts
- In order to protect the personal information of users who have not used the account for 1 year, the account is immediately destroyed or stored and managed separately from the personal information of other users.
2. Procedure and method for destroying personal information
① Procedure for destroying personal information
The user's personal information will be destroyed immediately after one year from the time of withdrawal from the service or expulsion from membership, and the user will be notified via e-mail, etc. of the fact that the personal information will be destroyed, the expiration date, and the items of personal information to be destroyed, and the relevant personal information will be destroyed.
② Method for destroying personal information
The methods for destroying personal information are as follows.
- In the case of written personal information, shredding or incineration
- In the case of electronic files, destruction so that they cannot be restored or reproduced using technical methods
Article 5 Use of personal information for purposes other than those intended and provision of personal information to third parties
1. The "Company" provides personal information to third parties only when it obtains the "User's" legal consent in accordance with the Personal Information Protection Act or when it is based on laws and regulations. Personal information will not be used for purposes other than those intended or provided to third parties. The "Company" provides personal information only "when necessary for the smooth provision of services" as follows.
|
Field of Service |
Service recipient |
Items to be provided |
Usage of provision |
Period of retention and use of Personal Information by recipient |
|
Check passport information |
The Ministry of Justice |
Passport number, nationality, date of birth |
Check the status of stay and expiration date of stay |
Until the recipient achieves the purpose of use |
|
Check passport information |
The Ministry of Justice |
Name, date of birth, gender, passport number |
Real name verification of passport number |
Until the recipient achieves the purpose of use |
|
Check passport information |
The Ministry of Foreign Affairs |
Name, passport number, date of issue, expiration date, date of birth |
Verification of authenticity of passport information |
Until the recipient achieves the purpose of use |
|
Passport Verification |
Hyundai Department Store Co., Ltd. |
Nationality, passport number, name, date of birth, passport expiration date, passport issuance date, gender, member photo in actual passport, Passport authenticity, residence qualification |
Verification of authenticity of passport information |
Until the recipient achieves the purpose of use |
2. However, the following cases are exceptions.
o In cases where there are special provisions in the law or it is inevitable to comply with legal obligations
o In cases where it is inevitable for public institutions to perform their duties as stipulated in laws and regulations (e.g., in cases where there is a request from a relevant agency regarding excellent products certified by the Ministry of Culture and Tourism)
o In cases where it is necessary for billing for the provision of information and communication services
o In cases where there are special provisions in other laws
3. Right to refuse consent
Users have the right to refuse consent to the provision of personal information to third parties. However, if consent is refused, it may be difficult to provide services such as reservations for products and services provided by third parties.
Article 6 Matters concerning entrustment of personal information processing
1. The "Company" entrusts the following tasks related to the processing of personal information. In addition, we provide the minimum amount of personal information necessary to perform the entrusted work through the entrustment contract, and in order to safely protect the personal information, we specify in the contract and other documents matters related to prohibition of processing personal information for purposes other than the performance of the entrusted work, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, compensation for damages, etc., and manage and supervise the trustee.
Article 7 Rights of users and legal representatives and methods of exercising them
1. Users or legal representatives (if the user is under 14 years of age) may view or correct their registered personal information through the mobile passport authentication app at any time. In particular, in response to a user's request for correction of personal information, the "Company" will not use the relevant personal information until the correction is complete. If you are not a mobile passport authentication member, please call the headquarters and we will take action without delay.
2. Users or legal representatives (if the user is under 14 years of age) may withdraw their consent to the collection, use, and provision of personal information at any time when registering as a member or cancel their membership. If you request withdrawal of consent (withdrawal of membership) through the "Mobile Passport Authentication" APP or through the "Homepage", we will take action without delay.
Article 8 Matters concerning measures to ensure the safety of personal information
1. In processing personal information of users, the "Company" implements the following technical measures to ensure the safety of personal information so that it is not lost, stolen, leaked, altered, or damaged.
① Personal information of users is managed so that personal information of users is not leaked even in the event of an accident by encrypting files and transmission data.
② The system that stores and processes personal information of users is protected through a firewall and intrusion detection system and is managed against external threats through 24-hour monitoring.
③ The system that stores and processes personal information of users is protected from damage caused by viruses by using an antivirus program that is automatically updated.
2. In processing personal information of users, the "Company" implements the following management measures.
① Access to personal information of users is limited to a minimum number of people. ② We provide regular in-house training and external training on new security technologies and personal information protection obligations to employees who handle personal information.
③ The transfer of work of personal information handlers is thoroughly carried out while maintaining security, and we clearly define responsibilities for personal information accidents after employment and retirement.
④ We have designated computer rooms and data storage rooms as special protection zones and control access.
Article 9 Personal Information Protection Manager and Department Information
Personal Information Protection Manager
Name: Jang Yang-ho
Department: CEO
Contact: 1833-6775
Personal Information Protection Manager
Name: Lee Jin-yong
Department: Information Protection Team
Contact: 1833-6775
Article 10 Remedy for infringement of the rights of information subjects
1. Users may apply for dispute resolution or consultation to the following organizations to seek relief for damages caused by infringement of personal information. ㅇ Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr) (without area code) 118 (privacy.kisa.or.kr)
ㅇ Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)
ㅇ Supreme Prosecutors' Office Cyber Crime Investigation Division: 02-3480-3571 (cybercid@spo.go.kr)
ㅇ National Police Agency Cyber Safety Bureau: 1566-0112 (cyberbureau.police.go.kr)
Article 11 Matters regarding changes to the personal information processing policy
1. If there are additions, deletions, or modifications to the above contents, we will explain them to users through notices, etc.
2. We will not reduce the user's rights described in this personal information processing policy without the user's explicit consent, and we will keep the previous version of this personal information processing policy so that users can check it.
Effective date: December 31, 2023
Effective date: October 1, 2024