Suprema Co., Ltd. (hereafter "Company") is committed to adhering to relevant domestic and foreign laws, such as the Personal Information Protection Act and General Data Protection Regulation (GDPR). To safeguard the personal data of data subjects and ensure efficient handling of related complaints, the Company has established and is disclosing its privacy policy as follows.
Article 1. Purpose of processing personal information, processing items, processing and Retention period
Article 2. Personal information collection method
Article 3. Provision of Personal Data to Third Parties
Article 4. Consignment of Personal Data Processing and Overseas Transfer
Article 5. Personal Data Destruction Procedure and Method
Article 6. Rights and Duties of Data Subjects and Exercise of Rights
Article 7. Measures to Ensure the Safety of Personal Data
Article 8. Installation, Operation, and Rejection of Automatic Personal Data Collection Devices
Article 9. Contact Information for Privacy Officer and Relevant Department
Article 10. Remedy for Infringement of Rights and Interests of Data Subjects
Article 11. Privacy Policy of Other Websites
Article 12. Changes in Personal Data Processing Policy and Obligation to Notify
Article 1. Purpose of processing personal information, processing items, Processing and retention period
① The Company processes the personal data of data subjects as follows:
Category (Service) | Purpose of processing | Processed personal data | Processing and retention period | ||
---|---|---|---|---|---|
Korea Website | Sales and technical support | Sales and technical support | Required | Name, email, nationality, company name, phone number | 3 years |
Marketing | Optional | Name, email, nationality, company name, phone number | 2 years | ||
Support request | Support request | Required | Name, email, company name, phone number | 3 years | |
Marketing | Optional | Name, email, company name, phone number | 2 years | ||
Event participation registration | Event participation registration | Required | Name, email, company name, phone number | 1 year | |
Optional | Title | ||||
Global /Germany /France /Latam /Japan Website |
Contact Us | Sales and technical support | Required | Email, Full Name, Country, Company, Telephone | 3 years |
Marketing | Optional | Email, Full Name, Country, Company, Telephone | 2 years | ||
Become a Channel Partner | Business partnership registration | Required | Company information(Complete company name, Country, Legal address, Website, Telephone) Contact information(Full name, Job title, Email, Telephone) |
3 years | |
Optional | Company information(Fax) | ||||
Marketing | Optional | Company information(Complete company name, Country, Legal address, Website, Telephone, Fax) Contact information(Full name, Job title, Email, Telephone) |
2 years | ||
Become a Technical Partner | Technical partnership | Required | Company information(Complete company name, Country, Legal address, Website, Telephone) Contact information(Full name, Job title, Email, Telephone) |
3 years | |
Optional | Company information(Fax) | ||||
Marketing | Optional | Company information(Complete company name, Country, Legal address, Website, Telephone, Fax) Contact information(Full name, Job title, Email, Telephone) |
2 years | ||
Where to buy | Place of purchase | Required | Email, Full Name, Company, Phone | 3 years | |
Marketing | Optional | Email, Full Name, Company, Phone | 2 years | ||
Event | Participation and Application for Events (Exhibitions, Promotions, Campaigns, etc.). | Required | Name, Email, Country, Company, Position | 1 year | |
Marketing | Optional | Name, Email, Country, Company, Position | 2 years | ||
Offline events such as exhibitions | Participant information | Exhibition/fair registration | Required | Email, name, company name, department | 1 year |
Optional | Phone number, title | ||||
Technical training website |
Technical training | Technical training service support | Required | Name, Family name, E-mail, ID, Password, Company, Country | Until withdrawal/Until consent is withdrawn |
BioStar 2 | Mobile card authentication | Additional services for BioStar 2 | Required | ID, name, cell phone, email | Until data deletion/Until consent is withdrawn |
Cloud service(Moon/CLUe) | Cloud-based managed service (access control) | Platform service | Required |
Service user: country code, id(cell phone/email), password, name Store user: QR information(Naver/Kakao), name, cell phone, date of birth, gender, face image/face template(face recognition), fingerprint(fingerprint recognition) |
Until data deletion/Until consent is withdrawn |
② In addition to the personal information processing indicated in Paragraph 1, the Company may process and preserve personal information in accordance with other laws and regulations. Personal information processed in accordance with other laws will be stored for the period specified in the relevant laws.
Record | Legal Basis | Retention Period |
---|---|---|
Records related to contracts or withdrawal of subscriptions, etc. | Act on the Consumer Protection in Electronic Commerce | 5 years |
Records related to payment of fees and supply of goods, etc. | 5 years | |
Records related to consumer complaints or dispute resolution | 3 years | |
Records related to advertisements | 6 months | |
Website access records | Protection Of Communications Secrets Act | 3 months |
Article 2. Personal information collection method
① The company collects personal information in the following ways.
1) Website operated by the company (mobile web, Collection through apps (including apps)
2) Collection through generated information collection tools (access logs, cookies, etc.)
3) Collection of personal information directly provided by the information subject through offline events such as exhibitions
4) the information subject consults or inquires through email, phone, fax, etc.
② When collecting personal information, personal information is collected to the minimum necessary, and the personal information being processed is not used for purposes other than those intended . If the purpose of use changes, we will take necessary measures, such as obtaining separate consent.
Article 3. Provision of Personal Data to Third Parties
① The Company will not use or disclose the data subject's personal data to third parties without consent, except when required by relevant laws or regulations.
② However, personal data may be provided without separate consent in the following situations:
1) For the purpose of settling service fees;
2) When providing data in an anonymized form for statistical, research, or market survey purposes to research institutions, survey organizations, or other entities; or
3) When required by special provisions of relevant laws, such as the Personal Information Protection Act, Act on Promotion of Information and Communications Network Utilization and Information Protection, Protection of Communications Secrets Act, Framework Act on National Taxes, Act on Real Name Financial Transactions and Confidentiality, Credit Information Use and Protection Act, Framework Act on Telecommunications, Telecommunications Business Act, Local Tax Act, Act on Consumer Protection in Electronic Commerce, Criminal Procedure Act.
③ If personal data is provided to third parties without the data subject's consent under special legal provisions, only the minimum necessary information will be provided, and it will not be used for purposes other than the intended ones.
Article 4. Consignment of Personal Data Processing and Overseas Transfer
① The Company entrusts and transfers (stores) personal data to domestic and overseas entities to ensure smooth information provision, marketing, and stable service delivery, where the personal data is retained by the systems of the entrusted company. The Company shall ensure that the entrusted company only manages the data physically and does not have access to it.
Personal data(items) being transferred | Destination country of the transfer | Timing and method of the transfer | Recipient of the transfer | |||
---|---|---|---|---|---|---|
Corporate name | Contact information | Purpose of using the personal data | Retention and usage period | |||
ID, name, cell phone, email | South Korea | Network transfer both when users input their personal data on the website and when they provide personal data offline. | MOCA System | moca_sales@ mocainc.com |
Mobile card authentication service | Until the user unsubscribes or the data is discarded |
Service user: country code, id(cell phone/email), password, name Store user: QR information(Naver/Kakao), name, cell phone, date of birth, gender, face image/face template(face recognition), fingerprint(fingerprint recognition) |
South Korea | Network transfer both when users input their personal data on the website and when they provide personal data offline. | Amazon Web Services Inc. | aws-korea-privacy@ amazon.com |
Cloud service (data retention) | Until the user unsubscribes or the data is discarded |
Company information (full company name, country, legal address, website, phone number, fax) Contact information (name, title, email, phone number) ※ In case of optional information, transfer when filling out |
South Korea | the user enters personal information on the website, transmission through the network after the user provides personal information offline | Amazon Web Services Inc. | aws-korea-privacy@ amazon.com |
Store data on representative website and respond to customer inquiries |
2 years for personal information consented to marketing use, 1 year for personal information related to event participation, 3 years for personal information collected from other Suprema representative websites ※ In case of personal information related to DM, until unsubscription / deletion request |
Japan | Salesforce.com | privacy@ salesforce.com |
Store Salesforce data and send DM | |||
Email, name, nationality, company name, phone number | United States | Network transfer both when users input their personal data on the website and when they provide personal data offline. | mailchimp.com | privacy@ mailchimp.com |
Direct mailing (DM) | Until the user opts out from the DM service or requests deletion of their data |
Name, family name, email, ID, password, company name, nationality | Spain | Network transfer both when users input their personal data on the website and when they provide personal data offline. | epignosis | privacy@ talentlms.com |
Cloud service (data retention) | Until the user unsubscribes or the data is discarded |
※ Overseas transfer to the domain mailchimp.com only applies to LATAM.
② The Company manages and supervises the entrusted entity to ensure compliance with technical and administrative protection measures, as well as other relevant laws and regulations related to personal data, and prohibits them from processing the data for purposes beyond the scope specified.
③ In the event of a change in the content of the consigned processing or the entrusted company, the Company will promptly disclose such changes through this privacy policy.
④ The technical and administrative protection measures of cloud services shall comply with the policies of the cloud service provider. The cloud service provider shall solely manage the physical aspect of the outsourced personal data and shall not access it.
⑤ The data subject may choose to refuse the transfer of their personal data by contacting the Privacy Officer or the relevant department of the Company. However, please note that refusal to transfer personal data may result in limited access to the Company's relevant services.
Article 5. Personal Data Destruction Procedure and Method
① When personal data becomes obsolete, such as when the retention period expires or the processing purpose has been achieved, the Company shall dispose of the personal data promptly.
② In cases where personal data needs to be retained despite the expiration of the agreed-upon retention period or the achievement of the processing purpose due to other laws, it will be transferred to a separate database (DB) or stored in a different location.
③ The following outlines the procedure and method for the destruction of personal data:
1) Procedure:
Information entered by a data subject shall be transferred to a separate database (or a separate document if provided in hard copy) once the intended purpose has been achieved, and stored for a certain period in accordance with internal policies and other related laws. Otherwise, it will be immediately deleted. At this time, the personal information transferred to the database shall not be used for any other purpose, except as required by law.
2) Method:
Any information in the form of electronic files shall be deleted through a technical method that makes the records unrecoverable. Personal information printed in hard copy shall be shredded or incinerated.
Article 6. Rights and Duties of Data Subjects and Exercise of Rights
① The data subject may exercise the following privacy-related rights directly or indirectly through their legal representative with the Company at any time:
1) The right to receive information about the processing of personal data.
2) The right to determine the extent of consent for the processing of personal data.
3) The right to verify the processing of personal data and request access to (including obtaining copies of) and the transfer of personal data.
4) The right to request the suspension, correction, or deletion of personal data processing.
5) The right to seek compensation for damages caused by the processing of personal data through prompt and fair procedures.
6) The right to object to automated decisions based on personal data processing and request an explanation.
② You can exercise your rights under Paragraph 1 and withdraw your consent by contacting the Company's privacy department via email (privacy@suprema.co.kr) or the relevant service departments listed below. Once your identity is verified, we will promptly process your request.
1) Sales : korea@suprema.co.kr
2) Technical Support : CS@suprema.co.kr
3) Public Relations and Cooperation : PR@suprema.co.kr
4) Investor Relations : IR@suprema.co.kr
5) Website : marketing@suprema.co.kr
③ The data subject may exercise their rights either directly or indirectly through their legal representative or an authorized agent. In such cases, a letter of authorization is required.
④ Notwithstanding the provisions of Paragraph 1, access to personal data and the right to correction may be restricted when:
1) It poses a serious threat to the life, body, property, or rights of the data subject or a third party;
2) It significantly disrupts the proper operation of the service provider; or
3) It violates other laws, etc.
⑤ The Company does not generally collect personal data from individuals under the age of 16. However, if it becomes necessary to collect personal data from individuals under the age of 16, the Company will comply with the consent requirements and other criteria mandated by applicable laws after obtaining the consent of their legal guardian.
Article 7. Measures to Ensure the Safety of Personal Data
The Company takes the following administrative, technical, and physical measures to safeguard personal data.
1) Administrative measures:
Establishment and implementation of information security regulations and privacy control policy, operation of a dedicated organization, and regular training for employees.
2) Technical measures:
Access control and authentication for personal data processing systems, installation, and operation of access control systems and security programs, encryption of personal data, encrypted transmission, etc.
3) Physical measures:
Access control for computer rooms, etc.
Article 8. Installation, Operation, and Rejection of Automatic Personal Data Collection Devices
① The Company may use cookies, which have the following characteristics, to provide individualized customized services to users:
1) Cookies are small pieces of information sent by the website's server to the user's computer browser.
2) Cookies are used to store and retrieve usage histories of website visitors.
3) Cookies may be stored on users' PC hard drives.
② The Company uses these cookies to recognize users on its website(s) and remember their previous choices for default settings, including language preferences and location. Both first-party and third-party cookies may be used in combination. For detailed information about cookie usage, please refer to our Cookie Policy.
③ Users have the option to configure their web browsers to allow all cookies, request permission before saving cookies, or refuse all cookies. However, it is important to note that rejecting cookies may lead to limitations and issues in the use of our services, and the Company does not assume responsibility for any resulting restrictions.
④ How to install, enable, or reject cookies
division | How to reject | |
---|---|---|
For Windows 10 Internet Explorer 11 | Select the Tools button in Internet Explorer ▶ Select Internet Options ▶ Select the Privacy tab ▶ Advanced selection in settings ▶ Choose to block or allow cookies | |
Microsoft Edge | PC |
Select [ ••• ] menu at the top right of the web browser ▶ Select Settings [ ⚙️ ] ▶ Select [Personal Information, Search and Service] from the left menu Select whether to prevent tracking and the level in the ‘Tracking Prevention’ section. ▶ In the ‘Tracking Protection’ section, select whether to always use “Strict” Tracking Protection when browsing InPrivate ▶ In the ‘Personal Information’ section, click “Do Not Track Request” Select whether or not to “Send” ※ Existing collected cookies can be deleted from [Select items to delete] in the ‘ Clear browsing data ’ section. |
Mobile |
Menu at the bottom right of the web browser [ ≡ ] Select ▶ Settings [ ⚙️ ] Select ▶ Select [Personal Information Protection and Security] from the left menu ▶ Select [ Site Settings ] in the ‘ Personal Information ’ section ▶ Go to [ Third -party cookies ] in the ‘ Content ’ section and select whether to allow third -party cookies. ▶ Go to [ Tracking Prevention ] in the ‘ Security ’ section and select whether to prevent tracking and the level. ※ Existing collected cookies can be deleted from [Clear Search Data] in the ‘ Personal Information ’ section. |
|
Chrome | PC |
Select [ ⁝ ] from the menu at the top right of the web browser ▶ Select Settings [ ⚙️ ] ▶ [Personal Select [ Information protection and security] ▶ Go to [ Third Party Cookies ] and select whether to allow cookies. ※ Existing collected cookies can be deleted in [Delete Internet Usage History]. |
Mobile | ||
Safari | Mac OS |
Select [Preferences] from [Safari] in the top left menu bar of MacOS ▶ In the [Preferences] window, go to [Privacy Protection] and select whether to allow cookies. |
iOS | [Settings] ▶ Select [Safari] from the app list ▶ Select whether to allow cookies in [Privacy & Security] |
⑤ The following information other than cookies may be automatically generated and collected during service use or business processing.
- Service use records, access logs, IP address, MAC address, misuse record, wireless terminal information (manufacturer, model name, resolution, app running speed, OS version)
[Collection and Opt-out of Behavioral Information including Google Analytics]
① The Company may use Google Analytics, a web analysis service provided by Google, Inc., to improve our services and provide personalized experiences to our users. Google Analytics collects certain behavioral information, which includes:
Information items collected | Methods of behavioral information collection | Purposes of behavioral information collection | Retention period and subsequent information processing methods |
---|---|---|---|
User's web/app visit history, search history, and purchase history | Automatically collected and transmitted when users visit the Company's website or use the app | To provide recommendations and information based on user interests | Retention for 1 year, followed by disposal |
② Google Analytics uses "cookies," which are small text files stored on users' computers, to analyze website usage patterns.
③ The information collected through cookies is transferred to and stored on Google's servers in the United States.
④ Google may share this information with third parties or use third-party processors, as required by law.
⑤ Google does not associate users' IP addresses with any other data it possesses.
⑥ By using our services, unless you explicitly opt out of Google Analytics' use of cookies, you consent to the collection and processing of all information generated through Google Analytics.
⑦ For more information on Google Analytics' data handling practices, please visit support.google.com/analytics/answer/6004245?hl=en
⑧ If you wish to opt out of Google Analytics, you can do so by adjusting your browser settings to refuse the use of cookies. However, please note that refusing cookies may limit access to some services that require a login, and the user bears full responsibility for any such limitations.
Article 9. Contact Information for Privacy Officer and Relevant Department
① The Company has designated a Privacy Officer, who takes on the general roles and responsibilities of a Data Protection Officer (DPO), to ensure the protection of your personal data and handle any privacy-related inquiries or complaints.
Record | Privacy Officer | Department in Charge of Privacy Protection |
---|---|---|
Name | Chang-soon Park | Information Security Office |
Contact / E-mail | +82-31-710-2450 / cspark@suprema.co.kr | privacy@suprema.co.kr |
② Data subjects may contact the Privacy Officer and the competent department for any inquiries, complaints, or damages related to the protection of personal data that arise while using the Company's services (or business). The Company will promptly respond and handle inquiries from data subjects.
Article 10. Remedy for Infringement of Rights and Interests of Data Subjects
① If you need to report or consult about a violation of personal data, you can contact the agencies listed below for assistance:
Privacy Breach Report Center | Personal Information Dispute Mediation Committee | Cyber Investigation Division, Supreme Prosecutors' Office | Cybercrime Report and Management Bureau, National Police Agency |
---|---|---|---|
118 privacy.kisa.or.kr |
1833-6972 www.kopico.go.kr |
1301 www.spo.go.kr |
182 ecrm.police.go.kr |
② The Company ensures that data subjects have the right to control their personal data and is committed to offering assistance and solutions in case of any violations. If you need to report or seek advice, please use the contact details provided in Article 6.
Article 11. Privacy Policy of Other Websites
The website where the Company's Privacy Policy is posted may contain links to other websites. The Company's Privacy Policy applies solely to its own services provided on the website. Clicking on the links to third-party websites will require reviewing the respective privacy policies of those sites.
Article 12. Changes in Personal Data Processing Policy and Obligation to Notify
① This Privacy Policy may be updated whenever necessary to comply with legal requirements or Company policies. Any additions, deletions, or modifications to the policy will be communicated through the Company's website along with the reasons for the changes.
② This Privacy Policy will take effect on May 31, 2024, replacing all prior versions.
③ You can find the previous versions of our Privacy Policy below:
Link to previous Privacy Policy documents
- Privacy Policy v5.0 (August 31, 2023)