● Privacy Policy
'Korea Carbon Neutral Environmental Association' (hereinafter referred to as the 'Association') values the personal information of users and complies with the "Act on Promotion of Information and Communications Network Utilization and Information Protection."
Through this Privacy Policy, the Association informs users of the purposes and methods of using the personal information provided and the measures taken to protect personal information.
The Association's Privacy Policy includes the following contents:
1. Items of Personal Information Collected and Collection Methods
2. Purpose of Collection and Use of Personal Information
3. Retention and Use Period of Personal Information
4. Sharing and Provision of Personal Information
5. Outsourcing of Personal Information Processing
6. Procedures and Methods of Destroying Personal Information
7. Rights of Users and Legal Representatives and How to Exercise Them
8. Matters Concerning Installation, Operation, and Refusal of Automatic Collection Devices
9. Technical and Administrative Protection Measures for Personal Information
10. Personal Information Management Officer
11. Personal Information-Related Reports and Dispute Resolution
12. Obligation to Notify Changes
Chapter 1. Items of Personal Information Collected and Collection Methods
1. Items of Personal Information Collected
① The Association collects the following personal information for membership registration, service application, and customer consultation:
- Upon membership registration:
<Required items>: ID, password, password question and answer, name, nickname, email, contact number (mobile or landline), date of birth, gender, legal guardian information (for children under 14)
<Optional items>: Residential area, self-introduction, mailing service subscription, SMS reception preference, information disclosure
- For specific service applications: address, business-related information (company name, business registration number, representative's name, business address/phone/fax/email, website address, e-commerce registration number)
- For refunds: account information (bank name, account number, account holder's name)
② During service use or business processing, the following information may also be collected:
Service usage records, access logs, cookies, IP addresses, payment records, service suspension records, misconduct records
2. Methods of Collecting Personal Information
The Association collects personal information through:
① Membership registration via website and written forms
② Customer consultations and service management via phone, fax, and inquiry boards
Chapter 2. Purpose of Collecting and Using Personal Information
The Association uses the collected personal information for the following purposes:
1. Execution of Service Contracts and Billing
Provision of services and content, delivery of goods or invoices, identity verification, purchases and payments, debt collection
2. Membership Management
Identity verification for membership services, personal identification, prevention of misuse by delinquent members, confirmation of registration intent, management of registrations and frequency restrictions, confirmation of legal guardian's consent for children under 14, record retention for dispute resolution, complaint handling, notifications
3. New Service Development and Marketing/Advertising
Development and specialization of new services/products, provision of services and advertising based on demographic characteristics, analysis of access frequency, statistics on service usage, delivery of event and promotional information
Chapter 3. Retention and Use Period of Personal Information
In principle, personal information is destroyed immediately after the purpose of collection and use is achieved. However, certain information is retained for the periods specified below:
1. Retention under Internal Policy
Even after a member withdraws, the Association retains the following information to prevent service misuse and ensure smooth service operation:
Name, email address, contact number (mobile or landline)
- Reason for Retention: Prevention of service confusion, dispute resolution, cooperation with investigative agencies
- Retention Period: 1 year
Records of misconduct (including personal information of delinquent users)
- Reason for Retention: Prevention of service misuse and re-registration of delinquent users
- Retention Period: 1 year
2. Retention by Related Laws
When necessary under laws such as the Commercial Act and the Act on Consumer Protection in Electronic Commerce, the Association retains information for specified periods.
Records of contracts or withdrawal of offers
- Reason: Act on Consumer Protection in Electronic Commerce
- Retention Period: 5 years
Records of payment and supply of goods, etc.
- Reason: Act on Consumer Protection in Electronic Commerce
- Retention Period: 5 years
Records of consumer complaints and dispute resolution
- Reason: Act on Consumer Protection in Electronic Commerce
- Retention Period: 3 years
Access logs
- Reason: Protection of Communications Secrets Act
- Retention Period: 3 months
Chapter 4. Sharing and Provision of Personal Information
The Association uses personal information within the scope specified for collection and use purposes and does not disclose or provide it externally beyond that scope. However, exceptions are made in the following cases:
1. When the member has given prior consent to provide or share information with third parties.
2. When required by law or upon the request of an investigative agency following the procedures and methods set forth by law.
Chapter 5. Outsourcing of Personal Information Processing
The Association outsources personal information processing for service execution and specifies necessary matters to ensure that personal information is safely managed according to relevant laws. If there are changes to the outsourcing companies, it will be announced through the notice board or the Privacy Policy page.
Details of outsourcing are as follows:
- Outsourced Company: 1004pr
- Task Details: Website management and SMS messaging service
- Retention and Use Period of Personal Information: Until the end of the outsourcing contract
Chapter 6. Procedures and Methods of Destroying Personal Information
In principle, the Association destroys personal information without delay once the purpose of collection and use has been achieved. The destruction procedures and methods are as follows:
1. Destruction Procedures
① Information entered by the user for membership registration, etc., is retained for a certain period according to internal policies and other related laws (refer to Retention and Use Period) and then destroyed.
② Personal information is not used for any other purposes except as stipulated by law.
2. Destruction Methods
① Printed personal information is shredded or incinerated.
② Personal information stored in electronic file format is deleted using technical methods that make the data unrecoverable.
Chapter 7. Rights of Users and Legal Representatives and How to Exercise Them
1. Members and legal representatives may view or modify the personal information of themselves or their children under 14 at any time and may request to withdraw consent (membership withdrawal).
2. To view or modify personal information, users can use the "Edit Member Info" feature. To withdraw consent, users can click "Withdraw Membership" and complete identity verification. Alternatively, they may contact the Personal Information Manager by writing, phone, email, or through the inquiry board for prompt action.
3. If a user requests correction of an error in their personal information, the information will not be used or provided until the correction is completed. If incorrect information was already provided to a third party, the correction result will be communicated immediately.
4. Personal information deleted or canceled at the request of users or legal representatives will be handled according to Chapter 3 (Retention and Use Period) and will not be accessed or used for other purposes.
Chapter 8. Installation, Operation, and Refusal of Automatic Collection Devices (Cookies)
The Association uses 'cookies' to provide personalized services. Cookies are small text files sent by the server operating the website to the user's browser and stored on the user's hard disk. They identify the user's computer but not the individual personally.
1. Purpose of Using Cookies
The Association uses cookies for the following purposes:
Analysis of access frequency and visit times of members and non-members, identifying user preferences and interests, tracking user activities, providing targeted marketing and personalized services through participation rates and visit frequencies.
2. How to Refuse Cookie Settings
Users have the option to accept or decline cookies. Users can set options in their web browser to allow all cookies, to receive notifications when cookies are set, or to refuse all cookies.
Example of settings: (For Internet Explorer) Tools > Internet Options > Privacy
However, if you refuse to accept cookies, the use of services that require login on the Association's website may be restricted.
Chapter 9. Technical and Administrative Measures for Protection of Personal Information
Users' personal information is protected mainly by their ID and password. The Association takes the following technical and administrative measures to ensure the security of personal information:
1. Technical Measures
① Passwords for user accounts are encrypted for secure storage, and only the user knows them.
② The Association regularly backs up data against damage, uses antivirus programs to protect against virus attacks, and implements security measures for network communications.
③ Security devices are installed to prevent data leaks during payment processes.
④ Unauthorized access from outside is blocked by a firewall, and all technical means available are used to secure the systems.
2. Administrative Measures
① Verification procedures are followed for identity confirmation when handling personal information at a user's request.
② Access to personal information is restricted to authorized personnel only, and regular training is provided to ensure compliance with this Privacy Policy.
Despite the Association’s efforts, users should also protect their ID, password, and resident registration numbers to prevent leakage. The Association is not responsible for any issues caused by the user's negligence. It is recommended to use complex passwords mixing letters and numbers, change passwords regularly, and always log out after using the service, especially on shared or public computers.
Chapter 10. Personal Information Management Officer
The Association has designated a Personal Information Management Officer to protect users' personal information and handle complaints. Users can report any issues regarding personal information to the officer or the department in charge, and the Association will respond promptly and adequately.
1. Personal Information Management Officer
- Name: Jongil Kim
- Phone: 02.853.8561
- Email: tiger5433@naver.com
2. Personal Information Handling Department
- Department: Internet Department
- Phone: 02.853.8561
- Email: tiger5433@naver.com
Chapter 11. Personal Information-Related Reports and Dispute Resolution
If you need to report or consult regarding personal information infringement, please contact the Korea Internet & Security Agency (KISA) Personal Information Infringement Report Center.
Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
Supreme Prosecutors' Office Cyber Investigation Division: 02-3480-3570 (cybercid.spo.go.kr)
Korean National Police Agency Cyber Bureau: 182 (cyberbureau.police.go.kr)
Chapter 12. Obligation to Notify Changes
If there are any additions, deletions, or modifications to this Privacy Policy due to changes in laws, policies, or security technologies, the Association will notify users at least 7 days before the changes take effect through the website’s notice board.
1. Announcement Date: October 19, 2024
2. Effective Date: October 29, 2024