1. Purpose of processing personal information ONYOUSOFT (hereinafter referred to as the "Company") processes personal information for the following purposes and does not use it for any purpose other than the following.<br>
- Confirmation of your intention to subscribe, identification and authentication for the provision of services to you, maintenance and management of your membership, payment for the supply of goods or services, supply of goods or services, delivery of goods or services, etc.<br>
2. Processing and retention period of personal data<br>
① The Company shall process and retain personal information within the period of personal information retention and use agreed upon when collecting personal information from the information subject or within the period of personal information retention and use in accordance with laws and regulations.<br>
②  The specific personal data processing and retention periods are as follows<br>
Customer subscription and management: Until the termination of the service use contract or membership, but in the case of debt or debt relationship, until the settlement of such debt or debt relationship<br>
- Records of contract and contract withdrawal, payment, and supply of goods in e-commerce: 5 years <br>
3. Disclosure of personal information to third parties<br>
① The Company will only provide personal information to third parties in accordance with Articles 17 and 18 of the Personal Information Protection Act, including the consent of the data subject and special provisions of the law.<br>
② We provide personal information to third parties as follows<br>
4. Outsourcing the processing of personal data<br>
① The Company entrusts the processing of personal information as follows to ensure the smooth processing of personal information.<br>
② In accordance with Article 25 of the Personal Information Protection Act, when entering into an entrustment contract, the Company specifies in documents such as contracts the prohibition of processing personal information for purposes other than the performance of entrusted tasks, technical and administrative protection measures, restrictions on re-consignment, management and supervision of the entrustee, and responsibilities such as compensation for damages, and supervises whether the entrustee handles personal information safely.<br>
③ If the content of the consignment or the trustee changes, we will disclose it through this privacy policy without delay.<br>
5. Rights and obligations of the information subject and legal representative and how to exercise them You may exercise the following rights as a personal information subject.<br>
① The data subject may exercise any of the following privacy rights against the Company at any time<br>
1. Request access to personal information<br>
2. Require correction of errors, etc.<br>
3. Request deletion<br>
4. Request a stop processing<br>
6. Create an entry for the personal data you process <br>
① We process the following categories of personal data<br>
7. Destruction of personal information In principle, the Company will destroy personal information without delay when the purpose of processing personal information has been achieved. The procedure, deadline and method of destruction are as follows.<br>
-Destruction process<br>
The information entered by the user is transferred to a separate database (separate documents in case of paper) after the purpose is achieved and stored for a certain period of time in accordance with internal policies and other relevant laws or destroyed immediately. In this case, the personal information transferred to the DB will not be used for any other purpose unless required by law.<br>
-Destroyed<br>
Your personal information will be destroyed within 5 days from the end of the retention period if the retention period has expired, or within 5 days from the date the personal information is deemed unnecessary, such as when the purpose of processing the personal information is achieved, the service is abolished, or the business is terminated.<br>
8. Installation, operation and refusal of automatic personal information collection devices<br>
The following information may be automatically generated and collected in the course of service use or business processing.<br>
Your browser type and OS, browsing history (IP address, access times), cookies<br>
9. Create a privacy officer<br>
① The Company has designated a personal information protection officer as follows to take overall responsibility for the processing of personal information and to handle complaints and damage relief from information subjects related to the processing of personal information.<br>
▶ Privacy Officer <br>
Contact : support@onu-soft.com<br>
※ You will be directed to the Privacy Office.<br>
▶ Privacy Officer<br>
Contact : support@onu-soft.com<br>
② The information subject may inquire about all personal information protection-related inquiries, complaints, damage relief, etc. arising from the use of the Company's services (or business) to the person in charge of personal information protection and the department in charge. The Company will respond to and handle inquiries from information subjects without delay.<br>
10. Changing your privacy policy<br>
①This Privacy Policy will be applied from the effective date, and any additions, deletions, and corrections to the contents in accordance with laws and policies will be notified through a notice 7 days prior to the effective date of the changes.<br>
11. Measures to ensure the safety of personal information In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical/administrative and physical measures to ensure safety.<br>
1. Conduct regular self-audits<br>
We conduct self-audits on a regular basis (once a quarter) to ensure the reliability of our handling of personal information.<br>
2. Minimise and train personal information handling staff<br>
We take measures to manage personal information by designating and limiting the number of employees who handle personal information to those in charge.<br>
3. Establish and implement an internal control plan<br>
We have established and implemented an internal management plan for the safe handling of personal information.<br>
4. Encryption of personal data<br>
Your personal information is stored and managed in encrypted form so that only you know your password, and for sensitive data, we use additional security features such as encrypting files and transmitted data or locking files.<br>
5. Restrict access to personal information<br>
The Company takes necessary measures to control access to personal information by granting, changing, and cancelling access rights to the database system that processes personal information, and controls unauthorised access from the outside using an intrusion prevention system.<br>
6. Controlling access for unauthorised people<br>
We have a separate physical storage location for personal information and have established and operated access control procedures for it.<br>
<br>