Shortcut to text
Search
닫기
\
privacy policy
As an ‘Enlightened company,’ KT&G
Go to Main
privacy policy
privacy policy

KT&G Personal Information Processing Policy

KT&G Corporation (hereinafter referred to as the "Company") complies with the Personal Information Protection Act and related laws and regulations to lawfully process and securely manage personal information, thereby protecting the freedoms and rights of the information subjects. In accordance with Article 30 of the Personal Information Protection Act, this policy is established and disclosed to guide the procedures and standards for the processing and protection of personal information and to ensure that any related grievances are addressed swiftly and smoothly.

※ For more details, please refer to the "Personal Information Processing Policy" below.

Table of Contents
Article 1. Purpose of Processing Personal Information, Items Collected, and Usage Period

The company collects and processes the minimum necessary personal information for the following purposes. The personal information being processed will not be used for any purpose other than those listed below, and if the purpose changes, necessary measures such as obtaining separate consent in accordance with the Personal Information Protection Act will be implemented.

  • ① Personal Information Items Processed with the Consent of the Information Subject

    The company processes the following personal information with the consent of the information subject as per Article 15(1)(1) of the "Personal Information Protection Act".

    Category Type Purpose of Collection Items Collected Retention and Usage Period
    Customer Inquiry Mandatory Verifying inquirer, receiving/handling/responding to inquiries Name, Email, Details of inquiry (type/title/content), Confirmation of being over 14 years old 1 month from the date of inquiry
    Optional Registering reference materials, securing additional communication methods and telephone responses if needed Attached files, contact information
    Unethical Behavior Reporting Mandatory Verifying reporter, receiving/handling/responding to reports Name, Contact information, Email, Details of report (type/title/content), Password for checking my post, Confirmation of being over 14 years old 3 years after conclusion of related actions, etc.
    Optional Quick and accurate verification of facts and measures Location, Regional headquarters, Attached files
    Safety and Health Communication Forum Mandatory Receiving/handling/responding to opinions Email, Details of opinion (category/institution/title/content), Confirmation of being over 14 years old 5 years after review of related actions
    Optional Verification of details related to the opinion Attached files
    Commercial Use of Imagery Mandatory Verifying requester, receiving/handling/approval of requests Company name, Person in charge, Email, Confirmation of being over 14 years old 1 month from the date of request
    Optional Verification of imagery usage period and securing additional communication methods Contact information
    SNS Events Mandatory Participation details and identity verification, prize dispatch Name, Contact information, ID (nickname)
    Collection items may vary by event, and consent will be obtained after notification.    		 5 days after dispatching event prizes

  • ② Personal Information Items Processed Without the Consent of the Information Subject

    The company discloses the items and the legal basis for processing personal information without the consent of the information subject in this "Personal Information Processing Policy."

  • ③ During the use of services or in the process of handling services, the following information may be automatically generated and collected:

    Purpose of Collection Items Collected
    Statistical analysis and prevention of illegal/unfair usage Browser information, IP address, date and time of visit
    Providing customized services
    (maintaining user settings)    		 Cookies
Article 2. Processing of Personal Information for Children Under 14 Years Old

The company does not process personal information of children under 14 years old without the consent of their legal guardian, as the collection and use of personal information require such consent.

Article 3. Processing and retention period of personal information

The company processes and retains personal information within the retention and usage period agreed upon by the information subject at the time of collection or as prescribed by laws.

  • ① The retention period for personal information collected for each purpose and service can be found in detail in <Article 1: Purpose of Processing Personal Information, Items Collected, and Usage Period>.
  • ② The retention periods prescribed by relevant laws are as follows:
    Law Subject Retention Period
    Enforcement Decree of the Serious Accidents Punishment Act Article 13 [Safety and Health Communication Forum] Employees and the general public's opinions 5 years from the date actions are taken
Article 4. Procedures and Methods for the Destruction of Personal Information

The company destroys personal information according to the following procedures and methods:

  • ① Personal information that has become unnecessary due to the expiration of the retention period or the achievement of the processing purpose is destroyed without delay. However, if retention is required by other laws, such information is physically or logically separated and stored separately.
    ※ Preservation subjects according to other laws can be verified in <Article 3: Processing and Retention Period of Personal Information>.
  • ②Personal information stored in electronic file format is destroyed in a manner that prevents its recovery, and personal information recorded on paper documents is incinerated or shredded.
Article 5. Provision of Personal Information to Third Parties
  • ① The company processes personal information within the scope specified for the processing purpose and only provides it to third parties in cases stipulated by Articles 17 and 18 of the Personal Information Protection Act, such as with the consent of the information subject or under special provisions of law, and does not provide it to third parties otherwise.
  • ② In accordance with the 'Personal Information Processing and Protection Guidelines for Emergency Situations' jointly announced by government ministries, the company may provide personal information to relevant authorities without the consent of the information subject in cases of emergencies, such as disasters, infectious diseases, urgent threats to life or physical safety, and urgent property loss. For more details, please click <here>.
  • ③ The company provides personal information as follows to ensure smooth service delivery:
    Legal Basis Recipient Purpose of Provision Items Provided Retention and Usage Period
    Article 17(1)(1) of the Personal Information Protection Act (Consent of the information subject) KT&G affiliates
    (See list)    		 Investigation and verification of reports on unethical behavior - Name, contact information, email, details of report (type/title/content)
    - Region/attached files
    * If consent is given for the collection and use of optional items and submitted     		Immediate deletion after the conclusion of related actions, etc.
    Operators/partner companies of KT&G reported by complainants
Article 6. Outsourcing of Personal Information Processing Tasks
  • ① The company may outsource the processing of personal information to ensure smooth service provision and will disclose this in the "Personal Information Processing Policy" to allow the information subjects to easily verify it at any time.
  • ② The company outsources personal information processing tasks as follows:
    Outsourced Party (Trustee) Outsourced Tasks Personal Information Items Retention and Usage Period
    Easymedia Co., Ltd Website maintenance All personal information collected from the website, including name, contact information, email, etc. (refer to Article 1) Until the end of the outsourcing contract
    (not retained separately)
    SK Corporation (Subcontractors - Daeshin Networks, ITNC) Infrastructure operation All personal information collected from the website, including name, contact information, email, etc. (refer to Article 1) Until the end of the outsourcing contract
    (not retained separately)
    The SMC Group SNS operation agency All personal information collected for event execution and prize dispatch, including name, contact information, etc. (refer to Article 1) 5 days after each event's prize dispatch
  • ③ When concluding the outsourcing contract, the company specifies in the contract and other documents the matters related to the prohibition of processing personal information beyond the purpose of the outsourced tasks, technical and administrative protection measures, restrictions on subcontracting, management and supervision of the trustee, and liability for damages, in accordance with Article 26 of the Personal Information Protection Act. The company supervises the trustee to ensure the secure processing of personal information.
  • ④ In accordance with Article 26(6) of the Personal Information Protection Act, when a trustee subcontracts the company's personal information processing tasks, it does so with the company’s consent.
  • ⑤ If there is a change in the trustee or the outsourced tasks, the company will promptly disclose this through the "Personal Information Processing Policy".
Article 7. Measures to Ensure the Security of Personal Information
  • The company takes the following measures to ensure the security of personal information:
    • 1. Administrative measures: Establishment and implementation of internal management plans for personal information, operation of dedicated organizations, and regular training of employees.
    • 2. Technical measures: Management of access rights to personal information processing systems, installation of access control systems, encryption of passwords, and installation and updating of security programs.
    • 3. Physical measures: Access control to the locations where personal information is stored, such as data centers.
Article 8. Installation, Operation, and Rejection of Automatic Personal Information Collection Devices
  • ① 'Cookies' are small pieces of information sent by the server used to operate a website to the browser of the information subject and are stored on the subject's device.
  • ② The company uses cookies to provide customized services (maintaining user settings).
  • ③ Information subjects can set their web/mobile browser options to allow or block cookies. However, refusing to store cookies may make it difficult to use customized services.
    • 1. Methods to allow and block cookies in web/mobile browsers:
      • 가. Chrome: Web/Mobile Browser Settings > Privacy and Security > Clear Browsing Data
      • 나. Edge: Web Browser Settings > Cookies and Site Permissions > Manage and Delete Cookies and Site Data
      • 다. Safari: Mobile Browser Settings > Safari > Advanced > Block All Cookies
      • 라. Samsung Internet: Mobile Browser Settings > Internet Usage History > Delete Internet Usage History
Article 9. Rights, Duties, and Methods of Exercise of the Information Subject
  • ① According to the Personal Information Protection Act, information subjects can exercise the following rights regarding their personal information at any time:
    • 1. Access to personal information
    • 2. Correction of personal information
    • 3. Deletion of personal information
    • 4. Suspension of processing of personal information
    • 5. Withdrawal of consent for personal information
    • 6. Refusal of notification of personal information usage/provision
  • ② Rights under the above clause can be requested in writing, via email, etc., and the company will respond without delay.
    • 1. The company verifies whether the person exercising the rights is the information subject or a legitimate representative. If requesting through a representative, a power of attorney must be submitted. Download Power of Attorney
    • 2. Inquiries and requests can be made to the following department according to the 'Rights Exercise Request Form'. Download Request Form
    Personal Information Rights Exercise Reception/Handling Department
    Department Name Communication Office, Lee Jun-woo
    Contact/FAX 02-3404-4634 / 02-3404-4210
    Email jwlee@ktng.com
  • ③ Requests for access to personal information and suspension of processing may be restricted under Article 35(4) and Article 37(2) of the Personal Information Protection Act.
  • ④ If other laws specify that the personal information is a subject of collection, it cannot be requested for deletion.
Article 10. Personal Information Protection Officer and Grievance Handling Department
  • ① The company has designated a Personal Information Protection Officer to oversee and be responsible for personal information protection tasks, handling complaints related to personal information, and remediation of related issues as follows:
    Category Personal Information Protection Officer Personal Information Protection Manager
    Name Park Jun-young Kim Seon-guk
    Position/Department Head of Information Security Information Security Department
    Contact information 042-939-5340
    Email kimsk@ktng.com
  • ② You may inquire about any grievances related to personal information that occur while using the service, and the company will provide prompt and sufficient responses.
    Personal Information Grievance Handling Department
    Department Name Communication Office, Lee Jun-woo
    Contact information 02-3404-4634
    Email jwlee@ktng.com
Article 11. Remedies for Infringement of the Rights and Interests of Information Subjects
  • Information subjects can consult the following organizations for remediation of personal information infringements and for consultation. These organizations are independent from the company, and if you need more detailed assistance regarding the infringement of personal information rights, please contact them:
    • 1. Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
    • 2. Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
    • 3. Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
    • 4. National Police Agency: 182 (ecrm.police.go.kr)
Article 12. Changes to the Personal Information Processing Policy
  • ① Announcement date of the "Personal Information Processing Policy": Month 12 Day 13, 2024
  • ② Effective date of the "Personal Information Processing Policy": Month 12 Day 13, 2024
  • ③ Previous versions of the "Personal Information Processing Policy" can be reviewed below:
October 29th, 2021 ~ November 16th, 2021. View Changes
November 17th, 2021 ~ December 7th, 2021. View Changes
December 8th, 2021. ~ March 29th, 2022. View Changes
March 30th, 2022. ~ August 9th. 2022. View Changes
August 10th. 2022. ~ December 27th, 2022. View Changes
December 28th, 2022. ~ January 19th, 2023. View Changes
January 20th, 2023. ~ March 9th, 2023. View Changes
March 10th, 2023. ~ July 11th, 2023. View Changes
July 12th, 2023. ~ June 13th, 2024. View Changes
June 14th, 2024. ~ December 12th, 2024. View Changes
X
Article Before the change After the change
Article 6
(Items of personal information to be processed)		 Article 6 (Items of personal information to be processed)
① The Company handles the following personal information items.
A. Answer to customer inquiries.
- Required : name, e-mail, IP address, Inquiry type, inquiries, 14 years of age or older
- Optional : attach file
B. Answer to report unethical activities.
- Required : name, contact information (home/cell phone), e-mail, IP address, inquiries, 14 years of age or older
- Optional : attach file 		Article 6 (Items of personal information to be processed)
① The Company handles the following personal information items.
A. Answer to customer inquiries.
- Required : name, e-mail, Inquiry type, inquiries, 14 years of age or older
- Optional : attach file
B. Answer to report unethical activities.
- Required : name, contact information (home/cell phone), e-mail, inquiries, 14 years of age or older
- Optional : attach file
X
Article Before the change After the change
Article 6
(Items of personal information to be processed)		 Article 6 (Items of personal information to be processed)
① The Company handles the following personal information items.
A. Answer to customer inquiries.
- Required : name, e-mail, Inquiry type, inquiries, 14 years of age or older
- Optional : attach file
B. Answer to report unethical activities.
- Required : name, contact information (home/cell phone), e-mail, inquiries, 14 years of age or older
- Optional : attach file 		Article 6 (Items of personal information to be processed)
① The Company handles the following personal information items.
A. Answer to customer inquiries.
- Required : Name, E-mail, Inquiry type, Inquiries, Over 14 years old
- Optional : Attach file
B. Answer to report unethical activities.
- Required : Name, Contact information(home/cell phone), E-mail, Inquiries type, Inquiries, Check my text/password, Over 14 years old
- Optional : Country, Attach file
Article 10 (Personal information protection officer) ① The Company is responsible for the handling of personal information as a whole, and designates the person in charge of personal information protection as follows to handle complaints and damages relief of the Subject of Information related to personal information processing.
Officer in charge of personal information protection Staff in charge of personal information protection
Name Yoon Kwang-seok Name Jang Jin-seop
Position Head of IT division Department IT division
Contact1
(phone & fax)		 042-939-5190, 5059
Contact2
(e-mail)		 jsj@ktng.com
① The Company is responsible for the handling of personal information as a whole, and designates the person in charge of personal information protection as follows to handle complaints and damages relief of the Subject of Information related to personal information processing.
Officer in charge of personal information protection Staff in charge of personal information protection
Name Park Young-Jo Name Jo Kyoung-Chun
Position The head of Information Security Office Department Information Security Office
Contact1
(phone & fax)		 042-939-5347
Contact2
(e-mail)		 kcjo@ktng.com
X
Article Before the change After the change
Article 3
(Matters concerning the provision of personal information to a third party)		 - ③ Provision of personal information
Provision of personal information
Person to be provided Purpose of provision Items of provision Retention and use period
KT&G affiliates (including KGC, Yungjin Pharmaceuticals Co., Ltd. and COSMOCOS) an investigation of report details and the result of the report may be conducted and confirmed Name, Contact information(home/cell phone), E-mail, Inquiries type, Inquiries, Check my text/password, Over 14 years old 3 years after the end of report related measures
X
2022년 8월 시행 접수 및 처리부서 담당자 변경 사항
Article Before the change After the change
Article 5 (Rights and obligations of the Subject of Information, and the method of exercising them)
접수 및 처리부서
Reception and procession department
Person in charge/department Eum Moon-kyung/ promotion dept.
Contact 02-3404-4202
e-mail 20060108@ktng.com
Reception and procession department
Reception and procession department
Person in charge/department Oh Ju-yeon / promotion dept.
Contact 02-3404-4202
e-mail smile-amanda@ktng.com
X
Article Before the change After the change
Article 1 (Purpose of processing personal information)

The Company processes the personal information collected from the Subject of Information according to the purpose of each of the following items and does not change the purpose of use or use it in a different way other than that without prior consent of the Subject of Information.

A. Customer inquiries and the reporting and answering of unethical activities.
Personal information is processed for the purpose of identifying oneself, checking civil complaints, contacting and notifying for fact-finding, and notifying the results of processing.
B. Factory/facility tour/space rental application
Where the application for a factory/facility tour/space rental is made, it is used for the purpose of contacting the applicant.
C. Request for commercial use of imagination style.
KT&G's approval is required when using KT&G's imagination style for commercial purposes.

The company processes the personal information acquired from the subject for each of the following purposes and does not modify the purpose of the use or use of the information for other reasons without the subject's prior agreement.

Article 1 (Purpose of processing personal information)
Division Purpose of Processing
Customer Inquiries

- Confirmation of inquiry, reception/handling/response to an inquiry

- Registration of reference materials and, if required, securement of additional communication routes
Reporting of Unethical Acts

- Identification of the reporter, receipt/handling/response to the report

- Rapid and precise fact-finding and action
Article 2 (Period of processing and retention of personal information)
  • ① The Company processes and holds personal information within the period of possession and use of personal information under laws or within the period of possession and use of personal information agreed upon by the Subject of Information.
  • ② Each personal information processing and retention period is as follows:
    • A. Processing of customer inquiries and unethical activities reporting: one month from the date of inquiry/reporting.
    • B. Factory/facility tour/space rental application: 6 months from the date of application.
    • C. Request for commercial use of imaginary style: 1 month from the date of request.
  • ③ Notwithstanding the holding period of the above paragraph, where the Subject of Information directly requests the deletion according to due procedures and methods, it will be destroyed without delay.
  • ① The company processes and retains personal information within the period of retention and use of personal information required by applicable laws and regulations, or within the period of retention and use of personal information agreed upon at the time personal information was collected from the information subject.
  • ② Each processing and retention period for personal information is outlined below.
    Article 2 (Processing and Retention Period of Personal Information)
    Division Retention Period
    Customer Inquiries

    - 1 month from the date of inquiry
    Reporting of Unethical Acts

    - 3 years after completion of handling reporting-related measures, etc.
  • ③ Regardless of the retention period specified in the preceding paragraph, if the information subject explicitly requests deletion by a proper procedure and method, the information will be deleted without delay.
Article 3 (Matters concerning the provision of personal information to a third party)
  • ① In principle, the Company processes the user's personal information within the scope specified in Article 1 (Purpose of processing personal information) and does not process it beyond the original scope or provide it to a third party without the user's consent.
  • ② However, except where there is a risk of unfairly infringing on the interests of the Subject of Information or a third party, the personal information may be provided to a third party in the following cases.
    • A. Where a separate consent is obtained from the Subject of Information,
    • B. Where there are special provisions in other laws,
    • C. Where it is necessary for the purpose of statistics preparation and academic research and the information of a specific individual is provided in an unrecognizable form.
    • D. Where it is necessary to investigate a crime, file a prosecution, and perform the court's judicial affairs.
  • ③ Provision of personal information
    Provision of personal information
    Person to be provided Purpose of provision Items of provision Retention and use period
    KT&G affiliates (including KGC, Yungjin Pharmaceuticals Co., Ltd. and COSMOCOS) an investigation of report details and the result of the report may be conducted and confirmed Name, Contact information(home/cell phone), E-mail, Inquiries type, Inquiries, Check my text/password, Over 14 years old 3 years after the end of report related measures
  • ① The company processes the personal information of the information subject solely within the scope defined in the purpose for processing personal information. Only in cases covered by Articles 17 and 18 of the "Personal Information Protection Act," such as consent of the information subject and special provisions of the law, shall personal information be provided to third parties; otherwise, personal information of the information subject shall not be provided to third parties.
  • ② To offer a seamless service, the company will only disclose the minimum necessary with the agreement of the information subject in the following instances:
    Article 3 (Items Pertaining to the Provision of Personal Information to Third Parties)
    Recipients Purpose of Use
    by the Recipient    		 Provided Items Period of Retention and Use
    KT&G Affiliates
    (View list)    		 Investigation of reports of unethical actions and confirmation of results

    - Name, contact information, email, Reports (Type / Title / Content)

    - Country / Attachment

    * Collection of optional items Provided only when received consent to use

    		 Deleted promptly upon the completion of report-related measures, and so on.
    KT&G Consigned
    Operator / Partners
Article 4 (Consignment of personal information processing)
  • ① The Company entrusts its affairs as follows for smooth business processing.
    Trustee company Trusted affairs and purpose Items of personal information Retention and use period
    Easy media, Co. Ltd. Webpage development/maintenance/analysis Name, contact (home/cell phone), e-mail, IP address, name of company, business type, handling goods, person in charge No separate retention
    LG CNS, Co. Ltd. Infra (DB) operation Name, contact (home/cell phone), e-mail, IP address, name of company, business type, handling goods, person in charge No separate retention
  • ② In accordance with Article 26 of the Personal Information Protection Act, the Company specifies the matters related to responsibility, such as the prohibition of personal information processing, the technical and administrative protection measures, the re-consignment restrictions, the management and supervision of the trustee and compensation for damages in the documents such as a contract, and supervises whether the trustee handles personal information safely.
  • ③ Where the contents of the consignment work or the trustee changes, we will disclose it through this personal information processing policy without delay
  • ① The company delegates the following responsibilities for efficient business operations.
    Consignees Duty and Purpose of Consignees Items of Personal Information Period of Retention and Use
    EZ Media Web page development/maintenance/analysis All personal information gathered via the website, including name, contact information, and e-mail address (refer to Article 6) Until the end of the consignment contract term (does not own separately)
    SK C&C Infrastructure (DB) operation All personal information gathered via the website, including name, contact information, and e-mail address (refer to Article 6) Until the end of the consignment contract term (does not own separately)
  • ② By Article 26 of the Personal Information Protection Act, when a company enters into a consignment contract, the contract must include provisions regarding the company's responsibilities, such as the prohibition of processing personal information for purposes other than the performance of entrusted tasks, technical and administrative protection measures, restrictions on re-entrustment, management and supervision of the trustee, and compensation for damages. Moreover, the company supervises the trustee's safe handling of personal information.
  • ③ The company shall immediately notify any changes to the consignment's contents or consignee through this Privacy Statement.
Article 5 (Rights and obligations of the Subject of Information, and the method of exercising them)
  • ① The Subject of Information may exercise the following personal information protection rights against the Company at any time.
    • A. Request to access personal information.
    • B. Where there is an error, etc., request of correction.
    • C. Request of deletion.
    • D. Request for suspension of processing.
  • ② If you contact the reception and processing department or request in writing for the exercise of rights such as requesting access, the Company will take action without delay.
    • A. Phone or e-mail inquiry.
    • B. A written request through e-mail or FAX.
    Reception and procession department
    Person in charge/department Oh Ju-yeon / promotion dept.
    Contact 02-3404-4202
    e-mail smile-amanda@ktng.com
  • ③ You can exercise your rights, such as requesting access, through an agent delegated by the Subject of Information. In this case, you must submit the following power of attorney
  • ④ Where the Subject of Information requests the correction or deletion of personal information errors, etc., the Company will not use or provide the personal information until the correction or deletion is completed.
  • ⑤ The Company processes the personal information terminated or deleted at the request of the Subject of Information as specified in Article 2 (Period of processing and retention of personal information) and ensures that it cannot be accessed or used by other purposes.
  • ⑥ The Subject of Information shall not infringe on the personal information and privacy of the Subject of Information itself or others in violation of the relevant laws such as the Personal Information Protection Act.
  • ① The information subject may at any time exercise the following rights relevant to the protection of personal information against the company.
    • A. Request to read personal information
    • B. Request for correction in case of errors, etc.
    • C. Request for deletion
    • D. Request to suspend the processing
  • ② If you contact the reception/processing department or submit a written request to exercise rights such as a request for reading, the company will respond promptly.Request Form Download
    • A. Inquiry by phone or email
    • B. Request in writing via email
    Reception and Processing Department
    Reception and Processing Department
    Person in Charge / Department Oh Ju-yeon / PR Department
    Contact Information 02-3404-4202
    Email smile-amanda@ktng.com
  • ③ An authorized agent of the information subject may exercise a subject's rights, such as a request for a reading. The following power of attorney must be provided in this instance. Download Power-of-Attorney Form
  • ④ If the information subject requests rectification or deletion of personal information, the company will refrain from using or disclosing the information until the request is fulfilled.
  • ⑤ The company handles personal information that has been canceled or destroyed at the information subject's request in accordance with Article 2 (Processing and Retention Period of Personal Information) in a way that prevents it from being accessed or used for any other reason.
  • ⑥ The information subject may not violate the personal information and privacy of the information subject or other individuals in violation of applicable laws such as the Personal Information Protection Act.
Article 6 (Items of personal information to be processed)
  • ① The Company handles the following personal information items.
    • A. Answer to customer inquiries.

      - Required : Name, E-mail, Inquiry type, Inquiries, Over 14 years old

      - Optional : Attach file

    • B. Answer to report unethical activities.

      - Required : Name, Contact information(home/cell phone), E-mail, Inquiries type, Inquiries, Check my text/password, Over 14 years old

      - Optional : Country, Attach file

  • ② In addition to paragraphs 1 and 2, the following personal information items may be automatically generated and collected during the service use process.
    - User Agent (browser information), IP address: Statistical analysis of service use and prevention of illegal/unfair use.
  • ③ We do not process sensitive information such as thoughts and beliefs, joining and withdrawal of labor unions and political parties, political views, and sexual life.
  • ① The following personal information is handled by the company:
    Article 6 (Processed Items of Personal Information)
    Division Items of Personal Information
    Customer Inquiries

    [Required] Name, email, inquiry (type/title/content), whether older than 14 years or not

    [Optional] Attachments
    Reporting of Unethical Acts

    [Required] Name, contact information, e-mail, report information (type/title/content), Password to confirm the post, whether older than 14 years or not

    [Optional] Country, Attachments
  • ② In addition to the personal information described in Paragraph 1, the following information may be automatically produced and collected over the course of using the service:
    - Browser information and IP address: Statistical service usage analysis and prevention of illegal/unauthorized use
  • ③ Other sensitive information will not be handled, including ideology/belief, union/party membership/withdrawal, political opinion, and sex life.
Article 7 (Destruction of personal information)
  • ① Where the personal information becomes unnecessary, such as the lapse of the period of personal information retention or the achievement of the purpose of processing, the Company will destroy the personal information without delay.
  • ② Where the personal information must be preserved according to other laws and regulations even after the period of personal information retention agreed upon by the Subject of Information has elapsed or the purpose of processing has been achieved, the personal information will be moved to a separate database or preserved differently.
  • ③ The procedure and method of destroying personal information are as follows:
    • A. Destruction procedure

      The Company selects personal information that has caused the reason for destruction and destroys the personal information with the approval of the Company's personal information protection officer.

    • B. Method of destruction

      The Company permanently deletes personal information recorded and stored in the form of electronic files in a way that cannot be restored, and shreds or incinerates records, prints, documents and other recording media other than electronic files.
  • ① The company destroys personal information without delay when it is no longer necessary, such as when the personal information retention term has expired or the processing purpose has been fulfilled.
  • ② If the personal information retention period agreed upon by the information subject has expired or if the personal information must be kept in accordance with other laws despite the attainment of the processing purpose, the personal information will be transferred to a separate database or stored in a different storage location.
  • ③ The technique and method for destroying personal information are as follows.
    • A. Destruction procedure

      With the agreement of the company's personal information security officer, the company destroys the personal information for which the reason for deletion has occurred.

    • B. Destruction method

      In the event of recordings, prints, handwriting, and another non-electronic recording medium, the company uses a shredder or an incinerator to destroy them.
Article 8 (Methods related to the installation and operation of personal information automatic collection device and its rejection)

The Company operates Cookie, which automatically stores and finds member information to provide the specialized services to users.

  • - What is Cookie: A very small text file sent to the user's browser by the server used to run the website. It is stored on the user's computer.
  • - Denial of Cookie installation and collection: Users have the option to install cookies and can allow all cookies by setting options in a web browser, or go through confirmation whenever cookies are saved, or refuse to save all cookies. However, where users refuse to install cookies, it may be difficult to use some services that require login.
    • · Method of setting in the case of Internet Explorer: Tools menu in the top of web browser > Internet Options > Personal Information > Settings
    • · Method of setting in the case of Chrome: Settings menu on the right side of the web browser > Indication of high rank settings at the bottom of the screen > Personal information contents setting button > Cookies
  • - Purpose of automatic collection and items to collect.
    Collection purpose Collection items Retention period
    Statistical analysis and illegal/unlawful prevention use Users' agents (browser information), IP address Factory/facility tour/space rental application: 6 months
    - Customer inquiry, reporting of unethical activities, download of imagination style: 1 month
    Provision of customized service Cookie 15 minutes

The company uses "cookies" that automatically store and retrieve user data to present customers with personalized services.

  • A. Cookie: A very little text file supplied to the user's browser and saved on the user's computer by the server that operates the website.
  • B. Refusal to install and collect cookies: Users have the choice to install cookies and can choose whether to accept all cookies, verify each cookie saved, or refuse to save all cookies by configuring the parameters in their web browser. However, utilizing some services could be challenging if you choose not to install cookies.
    • - For Internet Explorer

      · In Internet Explorer, select the Tools button > Select Internet Options

      · Select Privacy tab > Select Advanced in Settings > Select Block or allow cookies

    • - For Microsoft Edge

      · After clicking the ‘….’ mark in the upper right corner of Edge, click the Settings

      · On the settings screen, click "Personal information, search, and service". Choose the level and "Do not track" from the "Anti-Tracking" option.

      · Select the always browse InPrivate with "strict" tracking protection.

      · Select the “Send the Request of Do Not Track” in the Personal Information section below

    • - For Chrome

      · In Chrome, click the '⋮' mark (Customize and Control Chrome) at the upper right > Click Show Settings

      · Click “Show advanced settings” at the bottom of the settings page > Click Content Settings in the Privacy section

      · Check the box for “Block third-party cookies and site data” in the Cookies section

  • C. Purpose of automated collection and the items collected
    자동 수집 목적 및 수집하는 항목 보유 기간
    Purpose of Collection Collected Items Retention Period
    Statistical analysis and use against illegal/anti-corruption Browser information, IP address 1 month
    Provision of customized service
    (Retention of user's preferences)    		 Cookie 15 minutes
Article 9 (Measures to secure the safety of personal information) The Company is taking the following measures in accordance with Article 29 of the Personal Information Protection Act.
  • A. Management measures: Establishing and implementing an internal management plan, training of regular employee, and minimizing the designation of persons in charge of handling personal information.
  • B. Technical measures: managing the access rights of data systems that process personal information, installing the access control systems, encrypting the unique identification information, and installing the security programs.
  • C. Physical measures: Control of access to places where the personal information is stored such as computer centers.
 In compliance with Article 29 of the Personal Information Protection Act, the company is implementing the procedures outlined below.
  • A. Administration measures: Establishment and implementation of internal management plans, frequent staff training, and a reduction in the number of individuals entrusted with the handling of personal data.
  • B. Technical measures: Management of access rights to personal information processing systems, etc., installation of an access control system, encryption of passwords, and installation of a security program
  • C. Physical measures: Restriction of access to personal data storage areas such as computer centers
Article 10 (Personal information protection officer)
  • ① The Company is responsible for the handling of personal information as a whole, and designates the person in charge of personal information protection as follows to handle complaints and damages relief of the Subject of Information related to personal information processing.
    Officer in charge of personal information protection Staff in charge of personal information protection
    Name Park Young-Jo Name Jo Kyoung-Chun
    Position The head of Information Security Office Department Information Security Office
    Contact1
    (phone & fax)    		 042-939-5347
    Contact2
    (e-mail)    		 kcjo@ktng.com
  • ② The Subject of Information may contact the personal information protection manager and the department in charge for all personal information protection inquiries, complaints, and damage relief incurred while using the Company's service (or business). The Company will respond and process the Subject of Information's inquiries without delay.
  • ③ In order to receive the relief from the personal information infringement, the Subject of Information may apply for the dispute resolution or consultation to the Personal Information Infringement Reporting Center, the Personal Information Dispute Mediation Committee, and the Korea Internet & Security Agency. Please contact the institutions below for the reports and counseling of personal information infringement.
    - Personal Information Infringement Report Center: (without a regional number) 118 (http://privacy.kisa.or.kr)
    - Personal Information Dispute Mediation Committee: 1833-6972 (http://kopico.go.kr)
    - Cyber investigation department of the Supreme Prosecutors' Office: 1301(without a regional number), cid@spo.go.kr (http://spo.go.kr)
    - National Police Agency Cyber Safety Bureau: 182(without a regional number) (http://cyberbureau.police.go.kr)
  • ① The company is responsible for the overall management of personal information and has appointed the following individual as the person in charge of personal information protection to handle complaints and damage settlement relating to the processing of personal information.
    Article 10 (Officer for the Protection of Personal Information)
    Privacy Protection Officer Privacy Protection Manager
    Name Park Young-jo Name Cho Gyeong-cheon
    Position Head of Information Security Department Information Security Department
    Contact Info.1(Tel) 042-939-5347
    Contact Info.2(Email) kcjo@ktng.com
  • ② The information subject may address all personal information protection-related inquiries, complaint management, damage alleviation, etc. that happened while using the company's services (or business) to the person in charge of personal information protection and the responsible department. The company shall promptly reply to and manage the information subject's inquiries.
  • ③ The information subject may submit a request for dispute resolution or consultation to the Personal Information Infringement Report Center, the Personal Information Dispute Mediation Committee, or the Korea Internet & Security Agency in the event of a personal information breach. For complaints and consultations about breaches of personal information, please contact the following institutions.
    - Personal Information Infringement Report Center: (without area code) 118 (http://privacy.kisa.or.kr)
    - Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (http://kopico.go.kr)
    - Cyber Investigation Division, Supreme Prosecutors' Office: (without area code) 1301 (http://spo.go.kr)
    - Cyber Investigation Bureau, National Police Agency (without area code) 182 (http://ecrm.cyber.go.kr)
X
Article Before the change After the change
Article 3
(Matters concerning the provision of personal information to a third party)
Article 10 (Officer for the Protection of Personal Information)
Privacy Protection Officer Privacy Protection Manager
Name Park Young-jo Name Cho Gyeong-cheon
Position Head of Information Security Department Information Security Department
Contact Info.1(Tel) 042-939-5347
Contact Info.2(Email) kcjo@ktng.com
Article 10 (Officer for the Protection of Personal Information)
Privacy Protection Officer Privacy Protection Manager
Name Park Jun-young Name Cho Gyeong-cheon
Position Head of Information Security Department Information Security Department
Contact Info.1(Tel) 042-939-5347
Contact Info.2(Email) kcjo@ktng.com
X
Article Before the change After the change
Article 3
(Items Pertaining to the Provision of Personal Information to Third Parties)
  • Article 3 (Items Pertaining to the Provision of Personal Information to Third Parties)
    Recipients Purpose of Use
    by the Recipient    		 Provided Items Period of Retention and Use
    KT&G Affiliates
    (View list)    		 Investigation of reports of unethical actions and confirmation of results

    - Name, contact information, email, Reports (Type / Title / Content)

    - Country / Attachment

    * Collection of optional items Provided only when received consent to use

    		 Deleted promptly upon the completion of report-related measures, and so on.
    KT&G Consigned
    Operator / Partners
  • Article 3 (Items Pertaining to the Provision of Personal Information to Third Parties)
    Recipients Purpose of Use
    by the Recipient    		 Provided Items Period of Retention and Use
    KT&G Affiliates
    (View list)    		 Investigation of reports of unethical actions and confirmation of results

    - Name, contact information, email, Reports (Type / Title / Content)

    - Country / Attachment

    * Collection of optional items Provided only when received consent to use

    		 Deleted promptly upon the completion of report-related measures, and so on.
    KT&G Consigned
    Operator / Partners
X
Article Before the change After the change
Article 4 (Consignment of Personal Information Processing)
Consignees Duty and Purpose of Consignees Items of Personal Information Period of Retention and Use
Easymedia Web page development/maintenance/analysis All personal information gathered via the website, including name, contact information, and e-mail address (refer to Article 6) Until the end of the consignment contract term (does not own separately)
SK C&C Infrastructure (DB) operation All personal information gathered via the website, including name, contact information, and e-mail address (refer to Article 6) Until the end of the consignment contract term (does not own separately)
Consignees Duty and Purpose of Consignees Items of Personal Information Period of Retention and Use
Easymedia Web page development/maintenance/analysis All personal information gathered via the website, including name, contact information, and e-mail address (refer to Article 6) Until the end of the consignment contract term (does not own separately)
The SMC Group SNS operation agency All personal information collected for event promotion and gift delivery, such as name and contact information (refer to Article 6) 5 days after each event prize is sent
SK C&C Infrastructure (DB) operation All personal information gathered via the website, including name, contact information, and e-mail address (refer to Article 6) Until the end of the consignment contract term (does not own separately)
Article 5 (Rights and Obligations of Information Subjects and Methods of Exercising them)
Reception and Processing Department
Reception and Processing Department
Person in Charge / Department Oh Ju-yeon / PR Department
Contact Information 02-3404-4202
Email smile-amanda@ktng.com
Reception and Processing Department
Reception and Processing Department
Person in Charge / Department Lee Jun-woo / Communication Office
Contact Information 02-3404-4634
Email jwlee@ktng.com
X
Article Before the change After the change
Article 5 (Rights and Obligations of Information Subjects and Methods of Exercising them)
Reception and Processing Department
Reception and Processing Department
Person in Charge / Department Lee Jun-woo / Communication Office
Contact Information 02-3404-4634
Email jwlee@ktng.com
Reception and Processing Department
Reception and Processing Department
Person in Charge / Department Ahn Jung-jin / Communication Office
Contact Information 02-3404-4638
Email janwjdwls@ktng.com
X
Article Before the change After the change
All - Complete revision of personal information processing policy in accordance with the personal information processing policy drafting guidelines ('24.4.30)
  • Contact us
  • Youtube
  • Download
top
처음으로
Close all menus