welstory

1. Types and Methods of Personal Information Collection

• (1) The Company collects the following personal information.

• Types and Methods of Personal Information Collection

  Classification	Required Items	Optional Items	Purpose of Collection and Use
  Voice of the Customer	Subject, inquiring item, name, contact information, e-mail, consultation contents, restaurant used, whether answered	Attached documents	Used to respond to the opinions of the customer
  Online Consultation	Inquiring item, name, contact information, address, company name, e-mail, consultation contents	Attached documents	For consultation on food supplies for contracted foodservice, group foodservice and dining-out
  Information Generated and/or Collected During the Use of the Service	Cookies, access URL, access IP, browser type, access date	-	Providing customized-information optimized for users
  Mobile Easy Login	Name, telephone, date of birth, gender, device ID	-	Verifying the posted menu through collecting the minimum information

• (2) Persons under the age of 14
• (3) Long-term non-user (1 year) shall be withdrawn automatically.
• (4) The Company collects personal information through the following methods.
• 1. 1) Homepage, mobile applicable, e-mail, telephone

2. Purpose of Collection and Use of Personal Information

• The Company processes the personal information for the following purposes. The personal information collected shall not be used outside the following purposes and shall obtain prior consent when the purpose of use changes.
• (1) Processing of Customer Inquiry
• Personal information shall be processed for the purposes of verifying the identity of the customer, verifying the requests or inquiries, contacting/notifying for fact-checking, notification of processing results, etc.
• (2) Marketing and Advertisement Purposes
• Personal information shall be processed for providing advertising information, such as events, delivery of event prizes, development and specialization of new services, provision of service and the posting of advertisements pursuant to demographic characteristics, sending of newsletters, determination of access frequency and/or statistics on the service use by the members.

3. Matters on the Provision of Personal Information to Third Parties

• (1) The Company shall use the personal information of users only for the purposes stipulated in “Article 2: Purpose of Collection and Use of Personal Information” and shall not be used outside such purposes without obtaining prior consent of the users nor disclose to the outside, as a rule, except for the following.
• 1. 1) Prior consent of the users
  2. 2) Pursuant to the relevant laws or requests of investigative agencies for investigative purposes and according to the procedures and methods stipulated by the relevant laws

4. Entrustment of the Processing of Personal Information

The Company entrusts the processing of personal information in order to improve the services, as follows, and stipulates all necessary matters to safely manage the personal information in the entrustment contract pursuant to the relevant laws.

• (1) The Company entrusts the processing of personal information as follows.

• 개인정보의 처리위탁표

  Trustee	Entrusted Responsibilities
  Companion System Co., Ltd.	Establishment and Maintenance of the Website Establishment and Maintenance of the Mobile Applicable of Welstory (Welstory +)
  Samsung SDS	System management and Maintenance of the Integrated CS System
  Human Power Tech	Customer Service

• (2) The Company shall stipulate the prohibition of the processing of personal information outside the purposes of performing the entrusted responsibilities, technical and administrative protection measures, restriction on re-entrustment, management and supervision of trustees, and indemnification, etc. in the entrustment contract pursuant to Article 25 of the Act on the Promotion of Information and Communications Network Utilization and Information Protection, Etc. The Company shall supervise the trustees to safely process the personal information.
• (3) The Company shall announce any changes to the entrusted responsibilities or the trustees through this privacy policy, without delay.

5. Processing and Retention Period of Personal Information

• (1) The Company shall process and/or retain the personal information within the retention and/or use period pursuant to the relevant laws or as consented to by the user at the time of collecting the personal information.
• (2) Processing and retention period for each type of personal information are as follows.

  Personal information shall be retained and used for the period from the date of consent on the collection and use of the personal information until each of the relevant purposes listed above is fulfilled.

  1. 1) Processing and Retention Period
  2. 1. ① Customer Inquiry Information
        • - Reason for Retention: to monitor feedback in response to customer requests
        • - Retention Period: 3 years
     2. ② Website Use Records
        • - Reason for Retention: to avoid confusion in the user of services and to ensure cooperation with investigative agencies on illegal users
        • - Retention Period: 3 months
     3. ③ E-mail Transmission Records
        • - Reason for Retention: to collect evidence on the abnormal use of services
        • - Retention Period: 6 months

6. Rights of the Users and Legal Representatives and the Method of Exercising Such Rights

• (1) Users may exercise the rights on each of the following personal information protection against the Company at any time.
  1. 1) Request to access their personal information
  2. 2) Request to correct errors, etc.
  3. 3) Request for deletion
  4. 4) Request to suspend processing
• (2) The rights pursuant to Paragraph 1 may be exercised through the submission of writing, electronic mail, facsimile or telephone, etc. according to the procedures of the Company, and the Company shall take such measures without delay.
• (3) In the event the user requests correction or deletion on the errors, etc. in their personal information, the Company shall not use or provide the concerned personal information until the correction or deletion is complete.
• (4) The Company shall notify the user through email or notification on the website, etc. upon the infringement or leakage of the personal information, without delay.

7. Matters Concerning the Installation, Operations and Refusal of the Automated Personal Information Collection Devices

• (1) What is a cookie?
  1. 1) The Company uses cookies to store and retrieve the information of users in order to provide individualized and customized services.
  2. 2) A cookie is a very small text file sent by the server of a website to the browser of a user that is stored on the hard disk of the user’s computer. When a user revisits the website, the website server retrieves the cookie stored on the user’s hard disk and uses the information stored therein to restore the user’s settings and to provide customized services.
  3. 3) Cookies do not automatically and/or actively collect any personally identifiable information, and the user may opt not to have cookies stored on their hard disk or delete such cookies.
• (2) Purposes of using cookies by the Company

  The Company uses cookies to provide highly customized information, including advertisements, to the users by determining the access and type of use on each service and websites visited by users, the security of the connection, the number of users, etc.

• (3) Installation and operations of cookies and refusal thereof
  1. 1) Users have an option on the installation of cookies. Therefore, users may permit all cookies, require confirmation for the installation of each cookie or prevent the installation of all cookies by configuring their web browser options.
  2. 2) Provided, when the installation of cookies is rejected, there may be difficulties in providing services.
  3. 3) The following is the procedure for setting user preferences regarding the installation of cookies (for Internet Explorer). [Upper menu of the web browser: Tools〉Internet Options〉Privacy〉Select Decided Privacy Setting]

8. Procedure and Method of Personal Information Destruction

The Company shall destroy the personal information of users upon achieving the purposes of collection and use, as a rule. The following are the procedure, deadline and method of personal information destruction.

• (1) Procedure for Destruction
  1. 1) The personal information provided by users shall be destroyed upon achieving the purpose, without delay. In case such information must be retained pursuant to the relevant laws, it shall be moved to a separate database (to a separate document box for physical documents) and shall be destroyed after being retained for a fixed period pursuant to internal guidelines and other relevant laws, without delay.
  2. 2) At such a time, the personal information moved to the database shall not be used for other purposes, unless pursuant to laws.
• (2) Deadline for Destruction
  1. 1) The personal information of users shall be destroyed, without delay, upon the expiry of the retention period of such personal information, upon achieving the purpose of processing the personal information and upon such personal information becoming unnecessary, such as the close of the concerned services or the termination of business, etc.
• (3) Method of Destruction
  1. 1) Personal information in the form of a physical document shall be destroyed by a paper shredder or incinerated.
  2. 2) Personal information stored in an electronic format shall be destroyed in such a way that renders it unrecoverable by any technological means.

9. Measures to Ensure the Safety of Personal Information

The Company takes the following technical, managerial and physical measures to ensure the safety of personal information.

• (1) Regular Internal Audit
  1. 1) Internal audits are conducted regularly to ensure the security related to the handling of personal information.
• (2) Establishment and Implementation of the Internal Management Plan
  1. 1) The internal management plan is established and implemented for the safe processing of personal information.
• (3) Encryption of Personal Information
  1. 1) Important personal information is stored and managed in an encrypted format as required by the relevant laws so only the concerned individual can identify it. Moreover, such important data and transmission data are encrypted or subjected to a separate security measures, such a file locking.
• (4) Technical Measures Against Hacking, etc.
  1. 1) The Company installs security programs to prevent the leakage of, and damage of, personal information from hacking and computer viruses, etc. and performs regular renewal and inspection. The system is installed at a location where access from the outside is restricted and conducts technical and physical detection and interception.
• (5) Restriction on Access to Personal Information
  1. 1) The access to personal information is controlled through granting, modification and removal of an access authority on the database system that processes the personal information, and unauthorized access from the outside is restricted through the use of a firewall.
• (6) Retention of Access Records and the Prevention of Forgery
  1. 1) Access records to the personal information processing system are retained and managed for at least 6 months, and security functions are utilized to prevent forgery, theft and/or loss of the access records.
• (7) Use of the Locking Device for Document Security
  1. 1) Documents and data storage devices, etc. containing personal data are kept in secure locations with locking devices.
• (8) Restriction of Access by Unauthorized Persons
  1. 1) A separate physical storage space to store personal information is maintained, and an access control procedure is established and implemented for such a location.

10. Contact Information of the Privacy Officer and Privacy Manager

• (1) All inquiries, complaints, damage relief, etc. concerning all personal information protection that arises in the course of using the services (or business) of the Company should be directed to the privacy officer or privacy department. The Company shall provide replies to such inquiries without delay.
• Privacy Officer
  1. Name: Rho, Ilho
  2. Position: Privacy Officer
  3. Rank: Executive Vice President
  4. Contact: ☎ 1544-8272
• Privacy Department
  1. [Customer Inquiry]
  2. Department: CS Part
  3. Name: Kim, Jiyoung, Assistant Manager
  4. Contact: ☎ +82-31-5171-1913, twinkle.kim@samsung.com
  1. [Online Consultation_ Contracted Food Service]
  2. Department: Marketing Group
  3. Name: Kim, Nayoung, Manager
  4. Contact: ☎ +82-31-5171-1714, ny76.kim@samsung.com
  1. [Online Consultation_ Hospital Food Service]
  2. Department: Marketing Group
  3. Name: Kim, Nayoung, Manager
  4. Contact: ☎ +82-31-5171-1714, ny76.kim@samsung.com
  1. [Online Consultation_ Food Distribution]
  2. Department: Purchase Support Group
  3. Name: Kim, Nuri, Assistant Manager
  4. Contact: ☎ +82-31-5171-4014, nu-ri.kim@samsung.com
  1. [Online-Consultation_ Food Purchase]
  2. Department: FD Food Service Management Part
  3. Name: Kim, Minseo, Assistant Manager
  4. Contact: ☎ +82-31-5171-4417, mins412.kim@samsung.com
  5. Department: FD Restaurant Part
  6. Name: Kim, Dongmin, Senior Staff
  7. Contact: ☎ +82-31-5171-4344, dmins.kim@samsung.com
• (2) Please contact the following agencies for the reporting of other privacy infringements and consultations.
  • - KISA Privacy Center (privacy.kisa.or.kr / 118)
  • - Supreme Prosecutors’ Office of the Republic of Korea (www.spo.go.kr / 1301)
  • - Cyber Terror Response Center (http://www.police.go.kr/www/security/cyber.jsp / 182)

11. Modification of the Privacy Policy

This privacy policy shall become effective as of the implementation date, and any additions, deletions and corrections of the terms pursuant to the relevant laws and/or policy shall be announced.