MARUHOSTING

MARU INTERNET Inc (hereinafter referred to as 'MARU') shall protect the privacy and rights of customers in accordance with the Act on the Promotion of Information and Communication Network Utilization and Information Protection, and the Personal Information Protection Act, The following handling policy has been put in place to ensure smooth processing.
MARU will notify you through website announcements (or individual notices) if you revise your privacy policy.

○ This policy will be effective from June 10, 2019.

01. Purpose of Processing Personal Information

MARU processes personal information for the following purposes: The processed personal information will not be used for any purpose other than the following purposes.

Purpose	Contents
Service provision	We handle personal information for consultation / inquiry, service provision, bill payment, dispatch of invoice, fulfillment of contract about service provision and charge settlement.
Membership and Management	Personal information is handled for the purpose of personal identification, personal identification, etc. through the use of membership service.
Marketing and advertising	We process personal information for purposes such as providing events, advertisement information and participation opportunities, grasping access frequency, or statistics about member's service utilization.

02. Items of personal information processed

The items of the personal information processed by MARU for member registration and various services are as follows.

Profile	Personal information item	How to collect
Profile	Password, name, ID, address, phone number, mobile phone number, email address	homepage

03. Personal information processing and retention period

In principle, the personal information of the customer is destroyed without delay when the purpose of processing the personal information is achieved.
However, the following information will be kept for the period specified below.

Personal information file name	Personal information item	Possession basis	Retention period
Profile	Password, name, ID, address, phone number, mobile phone number, email address,	Prevention of fraudulent use	Before leaving membership

Other information that is preserved in accordance with the provisions of the law is as follows.

가. Records on contract or withdrawal : 5 years (Consumer Protection Act)
나. Record of payment and goods supply : 5 years (Consumer Protection Act)
다. Records of consumer complaints or disputes : 3 years (Consumer Protection Act)
라. Record of identity verification: 6 months(Act on Information Communication Promotion and Information Protection, etc.)

04. Providing third parties with personal information

In principle, MARU will process your personal information within the limits specified in Article 1 (Purpose of Personal Information), and will not process it beyond its original scope or give it to a third party without your prior consent.
However, if such a situation arises, we will ask for your prior consent.

If you provide or share your personal information, you must know who is providing or sharing with you in advance, what your main business is, what personal information items are provided or shared, what purpose you are providing or sharing personal information about Etc., by e-mail or in writing, and seek their consent.

However, in the following cases, it is possible to provide personal information without your consent in accordance with the provisions of relevant laws and regulations.

- When necessary for the settlement of fees according to service provision
- Statistical writing ㆍ In case that it is necessary for academic research or market research,
- Consumer Protection in the Act on Real Name Financial Transactions and Confidentiality, Law on the Use and Protection of Credit Information, the Basic Law on Telecommunications, the Telecommunications Business Act, the Telecommunications Privacy Protection Act, the Promotion of Information Network Usage and Information Protection Act, and Electronic Commerce If there are special provisions in the law such as the law on the law, the local tax law, the consumer protection law, the Bank of Korea Act, the Criminal Procedure Act

05. Personal information processing consignment

In principle, MARU does not entrust the processing of personal information to others without your consent.
However, if such a situation arises, we will ask for your prior consent.

06. The rights, duties and methods of the information entity

As a personal information entity, you may exercise the following rights:

1. Members and legal representatives may ask for personal information of registered member at any time through home page or telephone, and may request correction or termination of membership.
2. If you request correction of errors in personal information, we will not use or provide the personal information until the correction is completed.
3. If we have already provided false personal information to a third party, we will immediately notify the third party of the result of the correction, and we will correct it.
4. Personal information held and deleted by the Company and the entrusted company or the third party provided by the consent is processed as specified in the "Period of Retention and Use of Personal Information", and is prohibited from being viewed or accessed for any other purpose .

07. Destruction of personal information

MARU will, in principle, destroy personal information without delay when the purpose of processing personal information is achieved. The procedures, deadlines and methods of destruction are as follows.

1. The Company will, in principle, immediately destroy such information after the purpose of collecting and using personal information is achieved.

① Destruction procedure: The personal information acquired by the company is transferred to a separate DB after the purpose is achieved and is stored for a certain period of time according to the reasons for the information protection by the internal policy and other related laws (see the period of possession and use).
② Destruction method: When the purpose of collecting and using the customer information or withdrawing the consent of the customer is done, the company will destroy it in a non-reproducible manner such as crushing / incineration / data deletion without delay.

2. The Company will take action to enforce actual destruction even if the customer's personal information is provided to a third party or entrusted company.
Information in the form of electronic files is a technical method that can not reproduce records.
Personal information printed on paper is crushed by crusher or destroyed by incineration.

08. Measures to ensure the security of personal information

In accordance with Article 29 of the Personal Information Protection Act, MARU implements the following technical, administrative and physical measures to ensure safety.

Measure	Contents
Minimization and training of personal information handling staff	Employees who deal with personal information are designated and limited to the person in charge, and measures are taken to minimize personal information.
Conduct periodic self-audits	We conduct our own audits regularly (quarterly) to ensure the safety of handling personal information.
Establishment and enforcement of internal management plan	We have established and implemented an internal management plan for the safe handling of personal information.
Encryption of personal information	Your password is stored and managed in one-way encryption (SHA256) so that only you can know it. Other important personal information is kept encrypted by the AES256 algorithm.
Technical measures against hacking	MARU installs a security program to prevent leakage and damage of personal information caused by hacking or computer viruses, periodically updates and checks, installs the system in an area controlled from outside and technically and physically monitors and blocks them.
Restrict access to personal information	We take necessary measures to control access to personal information through granting, modifying, and deleting access rights to the database system that handles personal information. We also control unauthorized access from outside by using an intrusion prevention system.
Avoid archiving and forgery of connection logs	We maintain and maintain records of access to the personal information processing system for at least six months. We use security features to prevent forgery, theft, and loss of access logs.
Use locks for document security	We keep documents with personal information and auxiliary storage media in safe place with lock.
Access control to unauthorized persons	We have set up a separate physical storage area for personal information, and set up access control procedures.

09. Privacy Officer

In order to protect personal information and to handle complaints related to personal information, MARU has designated the person in charge of personal information protection and the person in charge as below.   (Person in charge of personal information protection pursuant to Article 31 (1) of the Personal Information Protection Act)

Division	Privacy Officer
Department	Customer Support Team
Name	Park Sang Jun
Phone	070-7452-5757
Email	support@onmaru.com

10. Change of privacy policy

This Privacy Policy will be effective from the effective date. If there is any addition, deletion or correction of the change according to the laws and policies, it will be notified from the announcement 7 days before the change in accordance with the 'Personal Information Protection Act' .

11. Infringement Remedies

In order to receive relief from personal information infringement, the personal information subject may apply for dispute settlement or consultation with the Personal Information Dispute Resolution Committee or the Korea Internet Information Agency. Please contact the following organizations for reporting and consulting other infringement of personal information.

1. Individual Dispute Resolution Committee : (국번없이)118
2. Information Protection Mark Certification Committee : 02-580-0533~4
3. Supreme Prosecutors' Office, Advanced Criminal Investigation Division : 02-3480-2000
4. Cyber Terror Response Center, National Police Agency : 02-1566-0112

12. Matters concerning the installation, operation and rejection of the automatic collection device of personal information

The company operates 'cookies' that store and find your information from time to time. A cookie is a tiny text file that is sent to your browser by the server used to run the website and is stored on your computer's hard disk. Cookies are used for the following purposes:

▶ Cookies and other purposes: Provides targeted marketing and personalized service through analyzing frequency of visitors and non-members' access frequency and time of visit, grasping user's taste and interest, traceability, participating in various events and visiting times. You have the option of installing cookies. Therefore, you can allow all cookies by setting options in your web browser, check each time a cookie is saved, or refuse to save all cookies.

▶ How to decline cookie settings :
EX: To decline cookies, you can either accept all cookies, check each time you save cookies, or refuse to save all cookies by selecting the option for your web browser.

However, if you refuse to install cookies, it may be difficult to provide services.