SPC values the protection of customers’ privacy and always does its best to protect customers’ privacy data. SPC complies with all privacy data protection-related laws, including the ‘Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.’, a major privacy data protection-related law.
Privacy data is information about a living individual that can identify an individual by name, resident registration number, etc. (including such information that can be easily combined with other information to identify a specific individual even if the information alone cannot identify a specific individual).
2. The Scope of Privacy Data Collection
The websites of SPC Group subsidiaries collect and use the minimum necessary privacy data of users for the purpose of providing optimal services for users in response to users’ suggestions, complaints, and data requests to increase customer service satisfaction with the company and products.
Collected items: e-mail address, name, contact information
3. How to Collect Privacy Data
Through the ‘Personal Information Handling Policy’, a procedure in which a user can select ‘Agree’ or ‘Do Not Agree’ is established. If a user clicks the ‘Agree’ button, he or she is deemed to have agreed to the collection of privacy data.
4. Purpose of Collection and Use of Privacy Data
The company uses the collected privacy data for the following purposes. All information provided by members will not be used for purposes other than those necessary for the following purposes, and prior consent will be sought in case of change.
The SPC website collects privacy data for the following purposes:
E-mail address, name, contact information: to secure a smooth communication path as for delivering notices, confirming user’s intention, handling user complaints, etc., provide information on new services/products, provide information on company events, and/or secure the correct delivery address for the delivery of items such as prizes.
5. Period of Retention and Use of Privacy Data
The company basically deletes a member’s privacy data immediately when the purpose of its collection and use is achieved. However, it is kept for the specified period as an exception, in the following cases.
① Reason for retaining information according to the company’s internal policy – reason for storing information: to prevent illegal use of information and cooperate with investigation agencies for illegal users.
② Protection of Communications Secrets Act and Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. – privacy data storage period in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. and its Enforcement Decree: six months
– Records about a user: six months
– Website visit history: three months
If the company and affiliates separately have obtained consent as needed: information may be stored within the scope of separately obtained consent and within the period of use
6. Matters Concerning Refusal of Consent to Collection of Privacy Data
7. Collection of Privacy Data By Cookies
– What is a Cookie?
The SPC website uses a ‘cookie’ to store and retrieve information about its members from time to time.
A cookie is a small amount of information that a website sends to your computer browser (Chrome, Internet Explorer, etc.).
When a member accesses the website, the server of the SPC website reads the content of the cookie in the member’s browser. Afterwards, our server can find the member’s additional information on the member’s computer and provide the service without additional input such as name as may be required by connection. The cookie identifies a member’s computer, but does not personally identify a member. Members also have choices about cookies. By selecting Tools > Internet Options tab at the top of your web browser, you can choose to accept all cookies, send a notification when a cookie is installed, or reject all cookies.
① Differentiated information provision according to individual interests
② The access frequency or usage patterns of members and non-members are analyzed to provide personalized services or to be used as a measure for service reorganization
③ Register postings on the message board
Cookies are automatically deleted when you close your browser or log out.
8. Non-Purpose Use and Provision and Sharing to Third Parties
The SPC website uses your privacy data within the scope specified in the ‘Purpose of Collection and Use of Privacy Data’, and does not use it beyond the scope or provide it to other persons or other companies or institutions. However, we will use and provide privacy data with caution in the following cases only.
1) For Partnerships
To provide better service, we may provide or share member’s privacy data with our business partners. When providing or sharing privacy data, the name of the partners, the items of privacy data to be provided or shared, the reason for providing the data, the period of its provision and protection, the management policy, etc. shall be announced on our website or notified to individual users by e-mail or in writing in seeking consent. If the member does not consent, we will not provide or share privacy data with our business partners. When there is a change in the partnership or when the partnership is terminated, the same procedure will be followed to notify or seek consent.
2) Consignment of Data Processing
In case of it consigns the processing of user’s privacy data for smooth business handling, the company shall notify in advance the name of the consignee for the processing, the scope of the privacy data consigned, the consignment procedures for the purpose of consignment processing, and the period of maintaining the consignment.
SPC consigns the following information about participating in the lottery, viewing its results, and sending out prizes for the first wheat bread event.
Announcing successful event participants and sending out gifts
Announcing recruitment and other recruitment matters
3) When the rights and obligations of the service provider are completely succeeded and transferred, the company must notify in detail the justifiable reasons and procedures in advance and give the user the option of withdrawing consent to his or her privacy data.
As for the method of notice and consent, the company will notify at least ten days in advance through the notice on the initial screen of the website, and at the same time, notify individual users at least once by e-mail, etc. For sale or merger, the company must proceed only with active consent (directly expressing its intention to provide and share privacy data with a third party).
With the following exceptions:
① When there is a request from a relevant agency for investigation purposes according to the relevant laws
② When providing data to advertisers, partners, or research organizations, in a form that cannot identify specific individuals, for statistical preparation, academic research, or market research
③ When there is a request in accordance with the procedures stipulated in other related laws
④ Even in exceptional cases, if information is provided in accordance with the related laws or at the request of an investigation agency, the company will basically notify the person concerned. The company may inevitably not be able to give notice due to legal reasons. The company will do its best not to provide information indiscriminately against the original purpose of collection and use.
9. Viewing and Correction of Privacy Data
Members can view or correct their registered privacy data any time.
If you want to view and correct privacy data, you can view or correct it by clicking ‘Change Privacy Data’. If you contact the person in charge of privacy data management in writing, by phone, or by e-mail, the company will take action without delay.
10. Withdrawal of Consent to Collection, Use, and Provision of Privacy Data
The member’s consent to the collection, use, and provision of privacy data through membership registration, etc. can be withdrawn at any time.
To withdraw consent (for withdrawal of membership), you can withdraw consent (withdrawal of membership) by clicking ‘Cancel Membership’ on the website.
We will take necessary measures to make withdrawal of consent (withdrawal of membership) to the collection of privacy data easier than the method of collecting privacy data.
11. Technical and Administrative Measures for Privacy Data Protection
1) Technical Measures
In handling members’ privacy data, the company takes the the technical measures as below to ensure stability so that privacy data is not lost, stolen, leaked, altered, or damaged.
① Members’ privacy data is reported by password. Important data is protected through separate security features, such as file transfer and data encryption, or using file lock.
② The SPC website uses a vaccine program to take measures to prevent damage caused by computer viruses.
③ The SPC website employs a security device that can safely transmit privacy data on the network using an encryption algorithm.
④ In preparation for external intrusions such as hacking, each server is fully secure by using an intrusion prevention system and a vulnerability analysis system.
2) Administrative Measures
In handling members’ privacy data, the company takes the following technical measures to ensure stability so that privacy data is not lost, stolen, leaked, altered, or damaged.
① The SPC website limits access to members’ privacy data to the minimum number of people.
Those who fall under the minimum number of persons are as follows.
– A person who performs marketing tasks directly with users
– Persons in charge of privacy data management, such as the privacy data manager and the privacy data staff
– Persons who need to handle privacy data for other business purposes
② For employees who handle privacy data, the company conducts regular in-house training and outsourced training on acquisition of new security technologies and obligations to protect privacy data.
③ The handover between the privacy data-related handlers is carried out thoroughly with security maintained. The company holds its employees clearly responsible for privacy data breaches after they join or leave the company.
④ The company does not integrate and store privacy data and general data, but keeps them separately through a separate server.
⑤ The company controls access by designating the computer room and data storage room as special protection areas.
⑥ The SPC website is not responsible for the personal mistakes of the user or for any incidents that occur due to the basic Internet hazards. Each member must properly manage his/her ID and password and take responsibility for it in order to protect his/her privacy data.
⑦ In the event that privacy data is lost, leaked, altered, or damaged due to the mistake of an internal manager or an accident in technical management
12. Linked Sites
The SPC website values postings from its members and does its best to protect them from falsification, damage, or deletion.
However, this is not the case in the following cases.
① Posts that are spam (e.g., “lucky letters”, “800 million emails”, advertisements on specific sites).
② Posts that damage the reputation of others by disseminating false information for the purpose of slandering them.
③ Disclosure of the identity of others without consent, content that infringes rights such as copyrights of third parties, and postings with content different from other message boards.
④ In order to promote a desirable bulletin board culture, the SPC website may delete a specific part of a post or modify it by replacing it with a symbol and post it reveals the identity of another person without consent.
⑤ If the content can be moved to a bulletin board on a different topic, the route of movement is disclosed in the post to avoid misunderstanding.
⑥ In other cases, a post may be deleted after an explicit or individual warning.
Basically, all rights and responsibilities related to postings rest with the individual authors.
In addition, since it is difficult to protect information that is voluntarily disclosed through postings, the company advises users to think carefully before disclosing information.
14. Consignment of Privacy Data Processing
The SPC website may consign the collection, handling, management, etc. of your privacy data to an outside party for service improvement
– In case the processing of privacy data is consigned, we will notify you in advance in writing, by e-mail, by phone, or through the website of the consignee, the consignment period, the relationship between the service provider and the consignee, and the scope of responsibility.
– In case the processing of privacy data is consigned, the company will specify the service provider’s strict compliance with our instructions with respect to the protection of privacy data through the consignment contract, etc., maintain the confidentiality of privacy data, prohibit the provision of privacy data to third parties, and stipulate liabilities in case of breaches, clearly stipulate the return or destruction of privacy data after processing is completed, and keep the details of the contract in writing or electronically.
15. Transmission of Advertising Information
① The SPC website does not transmit commercial information for commercial purposes against your explicit refusal to receive it.
② When a member consents to the transmission of e-mails such as newsletters, the SPC website takes measures to make it easy for the member to recognize the following in the subject and body of the e-mail.
– Subject line of e-mail: In this case, the phrase ‘advertisement’ may not be displayed in the subject line, and the main content of the body line of the e-mail is displayed instead.
– The body of the e-mail: This specifies the name of the sender, e-mail address, phone number, address, the method of refusal to receive (Korean/English), the time of consent to receive, etc.
16. Person in Charge of Privacy Data Management
In order to protect customers’ privacy data and handle complaints and inquiries related to privacy data, the company designates and operates the relevant departments as follows. In addition, the company values your opinions very much. If you have any questions regarding privacy data, please contact the privacy data management department below. We will respond promptly and sincerely to your inquiries.
Department responsible for privacy data management and contact information : SPC Business Support Department / 02-2276-5903
Person in charge of privacy data management : Kim Beom-gu, Managing Director (Privacy Data Protection General Manager) / Baek Seung-hoon, Manager (Privacy Data Protection Manager)
4. National Police Agency Cyber Terror Response Center (www.ctrc.go.kr/02-392-0330)
17. Duty of Notice
The current privacy data handling policy was enacted on July 1, 2005, and if there is any addition, deletion, or modification of the content according to the change of government policy or security technology, we will notify you through the ‘Notices’ section of the website at least ten days before the revision.