GJMEDI INC.
01Company
02R&D
03Products
04Customer Support
ETC Privacy Policy

Privacy Policy

GJMEDI INC.(‘www.gjmedi.com’hereinafter referred to as ‘the Company’) complies with personal information protection regulations in relevant laws that information and communication service providers must observe, such as the Telecommunications Secret Protection Act, the Electrical Communications Business Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc., the Personal Information Protection Act, and personal information protection guidelines enacted by the government. The Company strives to protect users' rights and interests by establishing a personal information processing policy in accordance with relevant laws. The Company's personal information processing policy contains the following details.
The Company's personal information processing policy contains the following details.

  • 1. Items of Personal Information Collected and Methods of Collection
  • 2. Sharing and Provision of Personal Information
  • 3. Entrustment of Personal Information Processing
  • 4. Retention and Use Period of Personal Information
  • 5. Procedures and Methods for Personal Information Destruction
  • 6. User's Rights and How to Exercise Them
  • 7. Matters Concerning the Installation / Operation and Refusal of Automatic Personal Information Collection Devices
  • 8. Technical / Managerial Protection Measures for Personal Information
  • 9. Contact Information for the Personal Information Protection Officer and Manager
  • 10. Miscellaneous
  • 11. Duty of Notification

Article 1 (Purpose of Personal Information Processing)

The Company processes personal information for the following purposes and does not use it for purposes other than those specified below.

  • - Confirmation of customer's intention to subscribe, identification and authentication of the individual for service provision, maintenance and management of membership, payment for goods or services supplied, provision of goods or services, etc.

Article 2 (Period of Personal Information Processing and Retention)

The Company processes and retains personal information within the personal information retention and use period agreed upon by the data subject or within the personal information retention and use period stipulated by law.

  • - Customer subscription and management: Until the service usage contract or membership registration is terminated, provided that if there is a remaining creditor-debtor relationship, until the settlement of the relevant creditor-debtor relationship.
  • - Records of contracts, subscription withdrawals, payment, and supply of goods in e-commerce: 5 years

Article 3 (Matters Concerning the Provision of Personal Information to Third Parties)

① The Company provides personal information to third parties only if it falls under Article 17 and 18 of the Personal Information Protection Act, such as with the consent of the data subject or special legal provisions.

② The Company provides personal information to third parties as follows:

  • - Recipient of personal information: Company
  • - Items of personal information used by the recipient: Name, email, mobile phone number, password, login ID, company phone number, position, department, company name, etc.
  • - Retention and use period by the recipient: 5 years

Article 4 (Entrustment of Personal Information Processing)

① The Company entrusts personal information processing to the following entities for smooth personal information processing operations.

  • 1. <Processing Entrustment>
  •   - Entrusted Party (Recipient): NICE Credit Information Co., Ltd.
  •   - Content of entrusted work: Identity verification (financial transactions, financial services), identity confirmation for membership service use, complaint handling such as grievance processing, delivery of notices, development of new services (products) and provision of customized services, provision of event and advertising information and opportunities to participate.
  •   - Entrustment period: 3 years

② When concluding an entrustment contract, the Company specifies in the contract or other documents, in accordance with Article 25 of the Personal Information Protection Act, matters concerning the prohibition of personal information processing beyond the purpose of the entrusted work, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the recipient, and liability for damages, and supervises whether the recipient handles personal information safely.

③ If the content of the entrusted work or the recipient changes, we will disclose it without delay through this personal information processing policy.

Article 5 (Rights of Data Subjects and Methods of Exercise)

① Data subjects may at any time exercise the following rights related to personal information protection against the Company.

  • 1. Request for access to personal information
  • 2. Request for correction if there are errors, etc.
  • 3. Request for deletion
  • 4. Request for suspension of processing

② You can exercise the rights under paragraph 1 against GJMEDI INC. . through written documents, email, fax, etc., according to Annex Form No. 8 of the Enforcement Rule of the Personal Information Protection Act, and GJMEDI INC. . will take immediate action on this.

③ If a data subject requests correction or deletion of errors in personal information, the Korea International Trade Association will not use or provide the personal information until the correction or deletion is completed.

Article 6 (Items of Personal Information Processed)

The Company processes the following personal information items.

  • - Required items: ID, password, name, email, mobile phone number, address
  • - Optional items: Legal guardian's name, legal guardian's home phone number, legal guardian's home address, legal guardian's mobile phone number, school name, graduation status, OA proficiency, desired industry, desired job, desired task, desired annual salary, desired employment type, self-introduction, etc.

Article 7 (Destruction of Personal Information)

In principle, the Company destroys personal information without delay once the purpose of personal information processing has been achieved. The procedures, deadlines, and methods of destruction are as follows.

① Destruction Procedure

  • - Information entered by users is transferred to a separate DB (or separate documents for paper records) after the purpose is achieved, and then stored for a certain period according to internal policies and other related laws, or destroyed immediately. Personal information stored in electronic file format is securely deleted using technical methods that cannot reproduce the records, and personal information printed on paper is destroyed by shredding or incineration. In this case, personal information transferred to the DB is not used for any other purpose unless required by law.

② Destruction Deadline

  • - When the retention period for a user's personal information has expired, the personal information is destroyed within 5 days from the end date of the retention period. When the personal information becomes unnecessary, such as when the purpose of personal information processing has been achieved, the relevant service is abolished, or the business is terminated, it is destroyed within 5 days from the date it is deemed no longer necessary.

Article 8 (Matters concerning the installation/operation and refusal of automatic personal information collection devices)

① The Company uses 'cookies' to store and retrieve usage information frequently, in order to provide individualized customized services.

② A cookie is a small piece of information that a server (http) used to operate a website sends to a user's computer browser, and it can be stored on the hard disk of the user's PC computer.

  • A. Purpose of cookie use: Cookies are used to provide optimized information to users by identifying their visit and usage patterns for various services and websites, popular search terms, security access status, etc.
  • B. Installation/operation and refusal of cookies: You can refuse cookie storage by setting options in the Tools > Internet Options > Privacy menu at the top of your web browser.
  • C. If you refuse to store cookies, you may experience difficulties using customized services.

Article 9 (Personal Information Protection Officer)

① The Company is responsible for overall personal information processing operations and has designated a personal information protection officer as follows to handle complaints and provide damage relief related to personal information processing for data subjects.

  • ▶ Personal Information Management Officer
  • - Name: Jung Mi-suk
  • - Position: CEO
  • - Tel: +82-51-581-2544
  • - Fax: +82-51-581-2545
  • - Email: infogjmedi@naver.com
  • ▶ Personal Information Protection Department
  • - Name: Jung Mi-suk
  • - Position: CEO
  • - Tel: +82-51-581-2544
  • - Fax: +82-51-581-2545
  • - Email: infogjmedi@naver.com

② Data subjects may inquire about all personal information protection related matters, including inquiries, complaint handling, and damage relief, that arise while using the Company's services (or business) with the personal information protection officer and the relevant department. The Company will promptly respond to and process data subjects' inquiries.

Article 10 (Changes to Personal Information Processing Policy)

This personal information processing policy takes effect from its enforcement date, and if there are additions, deletions, or corrections to the content of changes according to laws and policies, it will be announced through notices at least 7 days prior to the effective date of the changes.

Article 11 (Measures to Secure the Safety of Personal Information)

In accordance with Article 29 of the Personal Information Protection Act, the Company takes the following technical, administrative, and physical measures necessary to ensure safety.

① Regular self-audits

  • - We conduct regular self-audits (once a quarter) to ensure safety related to personal information handling.

② Minimization and education of personal information handling staff

  • - We designate staff who handle personal information and implement measures to manage personal information by minimizing them to only those in charge.

③ Establishment and implementation of internal management plans

  • - We establish and implement internal management plans for the safe processing of personal information.

④ Encryption of personal information

  • - Users' personal information and passwords are encrypted, stored, and managed, so only the user knows them, and important data uses separate security functions such as encrypting files and transmitted data or using file lock functions.

⑤ Storage of access records and prevention of falsification/alteration

  • - We store and manage records of access to the personal information processing system for at least 6 months, and use security functions to prevent access records from being falsified, altered, stolen, or lost.

⑥ Restriction of access to personal information

  • - We take necessary measures for access control to personal information by granting, changing, and revoking access rights to the database system that processes personal information, and control unauthorized access from outside using an intrusion prevention system.

⑦ Use of locking devices for document security

  • - Documents containing personal information, auxiliary storage media, etc., are stored in a secure place with locking devices.

⑧ Access control for unauthorized persons

  • - We maintain a separate physical storage location for personal information and establish and operate access control procedures for it.

Article 12 (Request for Personal Information Access)

① Data subjects may request access to their personal information in accordance with Article 35 of the Personal Information Protection Act to the department below. The Company will strive to quickly process data subjects' requests for personal information access.

  • ▶ Department for receiving and processing requests for personal information access
  • - Name: Jung Mi-suk
  • - Position: CEO
  • - Tel: +82-51-581-2544
  • - Fax: +82-51-581-2545
  • - Email: infogjmedi@naver.com

② Data subjects can also request access to personal information through the Ministry of Interior and Safety's 'Integrated Personal Information Protection Support Portal' website (www.privacy.go.kr), in addition to the access request reception and processing department in Paragraph 1.

Ministry of Interior and Safety Integrated Personal Information Protection Support Portal → Personal Information Complaints → Request for Personal Information Access, etc. (i-PIN is required for identity verification)

Article 13 (Remedies for Infringement of Data Subject's Rights)

The organizations below are separate from the Company. If you are not satisfied with the Company's own personal information complaint handling or damage relief results, or if you need more detailed assistance, please contact them.

  • ▶ Personal Information Infringement Report Center (Operated by Korea Internet & Security Agency)
  • - Responsibilities: Reporting personal information infringement, applying for consultation
  • - Website: privacy.kisa.or.kr
  • - Phone: 118 (without area code)
  • - Address: (58324) 3rd Floor, Personal Information Infringement Report Center, 9 Jinheung-gil, Naju-si, Jeollanam-do (Bitgaram-dong 301-2)
  • ▶ Personal Information Dispute Mediation Committee
  • - Responsibilities: Applying for personal information dispute mediation, collective dispute mediation (civil resolution)
  • - Website: www.kopico.go.kr
  • - Phone: 1833-6972 (without area code)
  • - Address: (03171) 4th Floor, Government Complex Seoul, 209 Sejong-daero, Jongno-gu, Seoul
  • ▶ Supreme Prosecutors' Office Cybercrime Investigation Division
  • - Website: www.spo.go.kr
  • - Phone: +82-2-3480-3573
  • ▶ National Police Agency Cyber Security Bureau
  • - Website: http://cyberbureau.police.go.kr
  • - Phone: 182