Personal information protection

Personal Information Processing Policy

"Extrus Inc." (hereinafter referred to as "Extrus") places importance on the personal information of users and strives to comply with laws and regulations related to personal information such as the Personal Information Protection Act.

Extrus will inform you of the purpose and methods of using the personal information provided by users and what measures we are taking to protect your personal information through the Personal Information Processing Policy.

0. General terms
The term "personal information" means information about a living individual that can identify a specific individual by name, resident registration number, video, etc. (including one that can be easily identified by combining with other information even if the relevant information alone cannot identify a specific individual).

Extrus has established the necessary procedures for revision in order to continuously improve its privacy policy.

This policy will take effect on December 1, 2020, and if revised, notification will be placed on the website (or individually by writing, e-mail, telephone, SMS, etc.).
1. User's rights and how to exercise them
(1) In relation to the registered personal information of the user himself/herself, the user may at any time request this information to be viewed, corrected, deleted, suspended processing, or withdrawn from consent.

– Personal information possessed by Extrus: terminal information (encrypted IMEI, model name, OS version, log, etc.), service usage status, etc. (See "3. Collecting Personal Information Items and Methods" for more information.)

– Current status of user's consent to the collection, use, provision, etc. of personal information of Extrus: consent to the collection and use of personal information at the time of initial service activation, etc. (See "3. Items and Methods of Collecting Personal Information" and "4. Purpose of Collecting and Using Personal Information" for more information.)

You can contact the person in charge of personal information protection by writing, email, or phone.

Extrus may refuse to view, correct, or delete all or part of personal information in any of the following cases.

– Access is prohibited or restricted by law

– Risk of harming another person's life or body, or where there is a risk of unreasonably infringing on another person's property and other interests

(2) If a user requests correction of an error in personal information, Extrus will not use or provide the personal information to a third party until the correction is completed. In addition, if the personal information with an error has already been provided to a third party, the corrected information will be notified to the third party without delay.

Extrus processes personal information deleted or suspended at the request of the user or legal representative as specified in "7. Retention and Use of Personal Information" and makes it unusable for any other purpose.

Users must accurately enter their personal information up-to-date and accurate. The user is responsible for accidents caused by inaccurate information entered by the user, and if false information such as the theft of other people's information is entered, membership may be lost.

Users have not only the right to protect their personal information, but also the obligation to protect themselves and not to infringe on the information of others. Please be careful not to leak the user's personal information, such as passwords, and be careful not to damage the personal information of others, such as posts. If you do not fulfill such responsibilities and damage the information and dignity of others, you may be punished under the Information and Communication Network Utilization Promotion and Information Protection Act.
2. Personal information protection officer and department in charge
Extrus has designated a department in charge and a person responsible for personal information protection as follows to protect users' personal information and to handle complaints related to personal information.

(1) Personal Information Protection Officer and Personal Information Protection Department

Personal Information Protection Officer: 정경수

Personal Information Protection Department: Security Business Headquarters

Phone number : 02-6928-6774

Contact email : sales@extrus.co.kr

(2) Other agencies

Users can report any complaints related to personal information protection that have occurred using Extrus' services to the Personal Information Protection Officer or the department in charge. Extrus will provide quick and sufficient answers to the user's reports. If you need to report or consult other personal information infringement, please contact the agency below.

– Personal Information Infringement Report Center (https://privacy.kisa.or.kr / 118)

– Cyber Investigation Division of the Scientific Investigation Department of the Supreme Prosecutors' Office (http://cybercid.spo.go.kr / 1301 without a national code)

– National Police Agency Cyber Bureau (http://cyberbureau.police.go.kr / 182)
3. Items and methods for collecting personal information
(1) Personal Information Collection Items

Extrus collects the following personal information from users when registering for the first time or using the service.

– Required:

Data for device registration and license management: "IMEI", "serial number" or "ADB number", model name and description of mobile device, terminal OS version/build number, client time zone
Product and service improvement, data for analysis: Exafe MDM status/activation time/number of access, access records, service application status, terminal configuration information setting result and time

- Optional:

Log information for the service app

※ Extras does not collect sensitive information (such as ideas and beliefs, membership and withdrawal of labor unions and political parties, political views, health, and sex life) that may significantly infringe on users' privacy.

(2) Personal information collection methods

Extrus collect personal information in the following ways.

- When using a service, automatic collection with tools installed on the device.

※ Extrus has a procedure in place that allows users to select "agree" or "disagree" for each of Extrus' personal information collection and use agreements.
4. Purpose of collecting and using personal information
Extrus uses the personal information it collects for the following purposes.

① Device registration and license management: product license verification, activation, and management

② Product and service improvement, analysis: product and service improvement, statistics

③ Error analysis and improvement when services are not functioning properly
5. Provisioning personal information to third parties
Generally, Extrus does not provide users' personal information to the outside world. However, the following cases are exceptional.

– In accordance with the provisions of the Act and subordinate statutes, if there is a request from an investigative agency in accordance with the procedures and methods prescribed by the Act and subordinate statutes for the purpose of investigation

– If the user has agreed in advance

In the case of providing or sharing the user's personal information other than what was stated, the information will be provided after obtaining the user's consent separately.
6. Period of retention and use of personal information
In principle, Extrus will destroy the personal information without delay after the purpose of collecting and using the personal information is achieved, and the specific retention period is as follows.

Device registration and license management data: two years after license expires
Product and service improvements, analytics data: 5 years after end of service
Log information in the service app: immediately destroy or one month after achieving the goal

However, if it is necessary to preserve the information in accordance with the provisions of the relevant laws and regulations, Extrus will keep personal information for a certain period as set forth in the relevant laws and regulations. In this case, Extrus will transfer the information to a separate database (DB) or store it in another place.

Log of user's Internet, etc. / Tracking data for user's access (3 months)

– Communications Secret Protection Act

Other communication fact confirmation data (12 months) - Communication Secret Protection Act
7. Procedures and methods for destroying personal information
The procedure and method for destroying personal information are as follows.

(1) a procedure for destruction

(2) destruction methods

Extrus deletes personal information stored in the form of an electronic file using a technical method that cannot play records. The personal information printed on the paper is destroyed by grinding or incineration.
8. Other policies concerning the processing of personal information
(1) Technical and administrative measures to protect personal information

Extrus takes the following technical and administrative measures to ensure safety so that personal information is not lost, stolen, leaked, altered or damaged when processing users' personal information.

– Establishment and implementation of internal management plans

· In order to safely process personal information, an internal management plan is established and implemented.

· Check the implementation of personal information protection measures and compliance of the person in charge of the business through an in-house personal information protection organization, etc., and take measures to correct any problems immediately.

– Installation and Operation of Access Control Devices

· We use an intrusion prevention system to control unauthorized access from outside, and we try to use all possible tools to ensure system security.

– Measures to prevent forgery or alteration of access records

· Keep and manage records accessed to the personal information processing system, and use security functions to prevent forgery or alteration of access records.

– Encryption of personal information

· Your personal information is protected by a encrypted password, and use a file lock function (Lock) used when storing files. In addition, transmitted data is encrypted, and sensitive data is protected by a separate security function.

– Hacking prevention measures

· Use a vaccine program to prevent damage caused by malicious viruses. The vaccine program is updated periodically, and in the event of a sudden virus attack, vaccine is released to prevent personal information infringement.

· Secure Socket Layer (SSL), an encrypted transmission method that can safely transmit personal information on the network, is adopted

· In preparation for external intrusion such as hacking, each server will introduce an intrusion prevention system and a vulnerability analysis system, and ensure security.

· Personal information and general data stored separately in a separate servers.

– Personal information handling training

· Restrict the user's access to personal information by directly dealing with the user, person in charge of personal information protection, person in charge of personal information management, and other personnel who are inevitable to handle personal information.

· We provide regular in-house and outsourced training on new security technologies and privacy obligations to employees handling personal information.

· All employees are required to fill out a security pledge to prevent information leakage by people when entering the company. It also has internal procedures to audit the implementation of privacy measures and compliance of employees.

· The computer room and data storage room are designated as special protected areas to control access.

(2) Transmission of advertising information

Extrus does not transmit commercial information for profit without the prior consent of the user.