The Company collects the following personal information for quotation requests.

• Required Information: Name, Email, Phone Number
• Collection Method: Website > Business Areas > Products > Product Inquiry

In principle, the Company destroys personal information without delay after the purpose of collection and use has been achieved.
However, the following information will be retained for the specified period for the reason described below:

• Items Retained: Name, Email, Mobile Phone Number, Address
• Basis for Retention: Internal Management Regulations
• Retention Period: 2 years

Users may, at any time, request access to, correction of, or deletion of their personal information held by the Company. Upon receiving such a request, the Company will promptly take the necessary actions.
If a user requests the correction of an error in their personal information, the information will not be used until the correction is completed.
Once personal information is deleted at the user’s request, it will no longer be retained or used by the Company. Requests for deletion may be submitted via email, fax, or phone.

In principle, the Company will destroy personal information without delay once the purpose of its collection and use has been fulfilled.
The destruction procedure and methods are as follows:

Destruction Procedure

Personal information provided for quotation requests or product inquiries will be transferred to a separate database once its purpose has been achieved
and retained for a specified period (see Retention and Use Period) in accordance with internal policies and relevant laws for information protection purposes.
After this period, the information will be permanently destroyed. Personal information stored in a separate database will not be used for any purpose other than its intended retention, unless required by law.

Destruction Methods

Personal information stored in electronic files will be deleted using technical means that render the records unrecoverable.
Printed materials, written documents, and other non-electronic records will be destroyed by shredding or incineration.

In handling personal information, the Company takes the following measures to ensure its security to prevent loss, theft, leakage, alteration, or damage:

A. Establishment and Implementation of an Internal Management Plan

The Company establishes and implements an internal management plan in accordance with the Standards for Ensuring the Security of Personal Information.

B. Minimization and Training of Personnel Handling Personal Information

Access to personal information is limited to authorized personnel only. Passwords are assigned to these employees and are regularly updated.
The Company also provides ad hoc training to reinforce compliance with its Privacy Policy.

C. Restricted Access to Personal Information

The Company takes necessary measures to control access to personal information such as granting, modifying,
and deleting access rights to the database system that processes personal information.

D. Retention of Access Records and Prevention of Forgery and Alteration

The Company retains and manages the records of accessing the personal information processing system (web logs, etc.)
for at least six months and employs security measures to prevent forgery, alteration, theft, or loss of these records.

E. Encryption of Personal Information

Users’ personal information is stored and managed in an encrypted form. Also, important data are encrypted for storage and transmission.
In addition, the Company employs additional security measures, such as encrypting important data for storage and transmission, to ensure the protection of personal information.

F. Countermeasures Against Hacking, etc.

• The Company is committed to preventing the leakage or damage of users’ personal information caused by hacking, computer viruses, or other security threats.
  To safeguard personal information and data, the Company regularly backs up data and uses the latest antivirus software, and uses encrypted communication to ensure
  the safe transmission of personal information over networks.
• Furthermore, the Company uses an intrusion prevention system to block unauthorized external access and we strives to implement all possible technical measures to ensure security across its systems.

G. Access Control for Unauthorized Personnel

The Company maintains a separate physical storage location for systems used to store personal information and implements access control procedures.

H. Password Encryption

Passwords are encrypted for secure storage and management and are known only to the data subject. Access to or modification of personal information is possible only by the data subject who knows the password.

I. Personal Information Protection Organization

The Company operates an internal personal information protection organization to monitor compliance with the Privacy Policy by the Company and its employees.
If any issues are identified, the organization takes immediate corrective action.
However, the Company assumes no responsibility for any issues arising from the leakage of personal information, such as ID, password, and resident registration number, due to the data subject’s negligence or Internet issues.

The Company does not currently operate any devices, such as cookies, that automatically collect personal information generated when using the services.
However, if such devices become necessary for service provision in the future, the Company may install and operate them. In such cases, users will have the option to accept or reject cookies.

A. What Are Cookies?

To provide personalized and customized services, the Company may use “cookies” to store and periodically retrieve user information.
Cookies are small text files sent by the website server to the user’s browser and are stored on the user’s computer hard drive.
When a user visits the website, the server reads the cookie stored on the user’s device to maintain user preferences and provide customized services.
Cookies do not automatically or actively collect personally identifiable information, and the users may reject or delete these cookies at any time.

B. Purpose of Using Cookies

The Company is not currently using cookies.
However, they may be used in the future to maintain user references and provide customized services.

Installation, Operation, and Rejection of Cookies

Users have the right to choose whether to accept cookies.
Through their web browser settings, users can accept all cookies, receive a prompt each time a cookie is stored, or reject all cookies.
Please note that rejecting cookies may result in difficulties using services that require login. How to Enable or Disable Cookies (Example: Internet Explorer).

• Go to the [Tools] from the menu and select [Internet Options].
• Click the [Privacy] tab.
• Set your cookie preferences under [Advanced].

Users have the following rights with respect to their personal information:

A. Request for Access to Personal Information

In accordance with Article 35 (Access to Personal Information) of the Personal Information Protection Act,
users may request access to their personal information held by the Company at any time.
However, the Company may restrict access in the following cases:

• When access is prohibited or restricted by law; or
• When there is a risk of harming another person’s life or body, or unjustly infringing upon another person’s property or other interests.

B. Requests for Correction or Deletion of Personal Information

Users may request the correction or deletion of their personal information held by the company in accordance with Article 36 (Correction and Deletion of Personal Information) of the Personal Information Protection Act.
However, if the personal information in question is explicitly required to be retained under other applicable laws or regulations, the deletion request cannot be processed.

C. Requests for Suspension of Personal Information Processing

Users may request suspension of processing of personal information held by the Company pursuant to Article 37 (Correction and Deletion of Personal Information) of the Personal Information Protection Act.
However, requests for suspension of processing may be rejected in the following cases:

• Where processing is unavoidable in order to comply with legal obligations or statutory requirements;
• Where suspension of processing may harm another person’s life or physical safety, or infringe upon another person’s property or other interests; or
• Where suspension of processing would make it impossible to fulfill a contract, such as the provision of agreed services, and the data subject has not clearly expressed an intention to terminate the contract.

D. Other

• When a user requests correction or deletion of their personal information, the Company will not use or disclose the relevant information until the request is fulfilled.
• If the Company has already shared the incorrect personal information with a third party, it will promptly notify the third party of the results of the correction or deletion process to ensure the correction is made.
• The Company handles personal information that has been canceled or deleted at the request of the data subject or their legal representative in accordance with the retention and usage period specified in the Privacy Policy and ensures that such information cannot be accessed or used for any other purpose.

Matters Concerning the Third-Party Processing of Personal Information

When entering into a personal information processing service agreement with a third party, the Company species in the contract or other document matters concerning the prohibition of processing personal information for purposes other than those specified, technical and administrative protection measures, restrictions on subcontracting, management and supervision of the service provider, and liability for damages, pursuant to Article 25 of the Personal Information Protection Act. The Company also supervises the service provider to ensure safe processing of personal information.

Privacy Inquiry and Complaint Services

To protect users’ personal information and handle any complaints related to privacy, the Company has appointed privacy officers as follows:

Chief Privacy Officer

• Name: Lee Kwan-hyung
• Phone: +82-42-363-9147
• Email: drakwan@oneduksan.com

Privacy Officer

• Contact: Lee Geonu
• Phone: +82-42-363-9106
• Email: gnulee@oneduksan.com

You may report any privacy-related complaints that arise while using the Company’s services to the Chief Privacy Officer or the relevant department.
The Company will make every effort to promptly and thoroughly respond to your reports and concerns.

If you require further consultation or wish to report a case of privacy infringements, please contact any of the following organizations:

• Personal Information Dispute Mediation Committee (www.kopico.go.kr, Tel. 1336)
• Information Protection Mark Certification Committee (www.eprivacy.or.kr, Tel. 02-580-0533~4)
• Supreme Prosecutors’ Office Cybercrime Investigation Division (http://www.spo.go.kr, Tel. 02-3480-3573)
• National Police Agency Cyber ​Terror Response Division (www.police.go.kr, Tel. 02-392-0330)