Privacy Policy

KRST Co., Ltd. ('www.krst.co.kr', hereinafter referred to as 'KRST') follows the Personal Information Protection Act to protect users' personal information and rights, and to effectively handle any complaints related to personal information. The company has established the following privacy policy for this purpose.

KRST Co., Ltd. ('www.krst.co.kr', hereinafter referred to as 'KRST') will notify any amendments to the privacy policy via website announcements (or individual notifications).

This policy is effective from April 29, 2019.

1. Purpose of Personal Information Processing

KRST Co., Ltd. ('www.krst.co.kr', hereinafter referred to as 'KRST') processes personal information for the following purposes and will not use it for any other purposes:

  • Necessary details and contact information for customer inquiries

2. Personal Information Processing and Retention Period

KRST Co., Ltd. ('www.krst.co.kr', hereinafter referred to as 'KRST') processes and retains personal information within the period consented by the data subject or as required by law.

3. Rights and Obligations of Data Subjects and How to Exercise Them

As a data subject, you have the right to:

  • Request access to personal information
  • Request correction if there are errors
  • Request deletion of personal information
  • Request suspension of processing
  • Personal Data Processing Outsourcing
  • To ensure smooth personal data processing, KRST Co., Ltd. ('www.krst.co.kr', hereinafter referred to as 'KRST') outsources some of the personal data processing tasks.

When entering into outsourcing contracts, KRST Co., Ltd. ensures compliance with Article 25 of the Personal Information Protection Act, specifying the prohibition of processing personal information beyond the outsourcing purpose, technical and managerial protection measures, restrictions on re-outsourcing, management and supervision of the service provider, and responsibilities regarding compensation. The company monitors whether the service provider handles personal information securely.

If there is any change in the outsourcing tasks or the service provider, KRST will disclose it without delay through this privacy policy.

4. Exercising Rights and Obligations of Data Subjects

Data subjects can exercise the following rights concerning their personal information processed by KRST Co., Ltd. ('www.krst.co.kr', hereinafter referred to as 'KRST'):

  • Request access to personal information
  • Request correction of any errors
  • Request deletion of personal information
  • Request suspension of processing

5. Personal Data Items Processed

KRST Co., Ltd. ('www.krst.co.kr', hereinafter referred to as 'KRST') processes the following personal data:

  • Inquiry
    • Required Fields: Inquiry Category, Name, Contact Information, Email, Inquiry Details, Access Logs, Cookies, IP Address Information
    • Optional Fields: Company Name

6. Destruction of Personal Information

KRST Co., Ltd. ('KRST') will destroy personal information without delay once the purpose for processing is achieved. The process, period, and method of destruction are as follows:

  • Destruction Procedure:
    • Information entered by users is moved to a separate database or physical documents and stored for a certain period in accordance with internal policies and other relevant laws, and then destroyed. Personal data moved to the database will not be used for any other purpose unless required by law.
  • Destruction Period:
    • If the user's personal information has reached the retention period, it will be destroyed within 5 days from the end of the retention period. If the personal information is no longer necessary due to the achievement of processing purposes, discontinuation of services, or termination of business, it will be destroyed within 5 days from the date it is deemed unnecessary for processing.

7. Installation, Operation, and Refusal of Automatic Collection Devices for Personal Information

KRST Co., Ltd. ('www.krst.co.kr', hereinafter referred to as 'KRST') uses cookies to provide personalized services by storing and retrieving user information periodically.

A cookie is a small amount of information sent by the server (http) operating the website to the user's computer browser and may be stored on the user's computer's hard disk.

  • Purpose of Cookie Usage: Cookies are used to analyze the user's visit and usage patterns for each service and website, popular search terms, security access status, etc., in order to provide optimized information to the user.
  • Installing, Operating, and Refusing Cookies: Cookies can be rejected by setting the options in the Privacy menu of the web browser’s Tools > Internet Options.
  • If cookies are rejected, it may be difficult to use personalized services.

8. Personal Data Protection Officer

KRST Co., Ltd. ('www.krst.co.kr', hereinafter referred to as 'KRST') is responsible for overseeing personal data processing, addressing complaints, and providing compensation for data subjects. The designated Personal Data Protection Officer is as follows:

  • Personal Data Protection Officer
    • Name: Song Ho-jin
    • Title: CEO
    • Contact: 082-54-762-8225, roll@koreatoho.com

※ This will connect to the personal data protection department.

Data subjects may contact the Personal Data Protection Officer or department for any inquiries, complaints, or damage claims related to personal information protection while using KRST Co., Ltd. ('www.krst.co.kr', hereinafter referred to as 'KRST') services (or business). KRST will respond and handle inquiries without delay.

9. Changes to the Privacy Policy

This privacy policy will apply from the effective date, and in the case of any changes, additions, deletions, or corrections to the provisions based on legal requirements or internal policies, the changes will be announced 7 days prior to implementation via website notices.

10. Measures to Ensure the Security of Personal Information

In accordance with Article 29 of the Personal Information Protection Act, KRST Co., Ltd. ('KRST') has implemented the following technical, managerial, and physical measures necessary to ensure the security of personal information:

  • Regular Internal Audits
    • We conduct regular (quarterly) internal audits to ensure the security of personal information.
  • Minimizing and Training of Employees Handling Personal Information
    • We designate specific employees to handle personal information, limiting access to only those responsible, and implement measures to minimize exposure.
  • Establishment and Implementation of Internal Management Plans
    • We have established and implemented internal management plans to ensure the secure handling of personal information.
  • Technical Measures Against Hacking
    • KRST Co., Ltd. ('KRST') installs and regularly updates security programs to prevent personal information leaks and damage caused by hacking or computer viruses. We install systems in areas with restricted external access and apply technical and physical monitoring and blocking.
  • Encryption of Personal Information
    • The personal information of users is encrypted and stored securely, known only to the user. Sensitive data is protected by encryption or file-locking features during transmission or storage.
  • Record of Access and Prevention of Alteration
    • We store and manage access logs for at least 6 months and use security functions to prevent any tampering, theft, or loss of these records.
  • Access Restrictions to Personal Information
    • We implement necessary measures to control access to personal information by granting, modifying, or deleting access rights in the database system, and restrict unauthorized external access through intrusion prevention systems.