Oncosoft Inc. (hereinafter referred to as the"Company") has established this Privacy Policy (hereinafter referred to as the "Policy") to protect the privacy, rights and the interests of information subjects in accordance with Article 30 of the Personal Information Protection Act. This Policy aims to protect the personal information and rights of information subjects and to facilitate the efficient handling of grievances related to personal information
The Company processes personal information for the following purposes. The collected personal information will not be used for any purpose other than those listed below. If the purpose of processing changes, the Company will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act.
➀ Providing services related to product inquiries
➁ Processing job applications and recruitment inquiries
➂ Managing general information about business partners
The Company processes the following personal information with the consent of information subjects in accordance with Article 15(1) and Article 22(1)(7) of the Personal Information Protection Act.
➀ Records related to consumer complaints or dispute resolution concerning product inquiries are retained for three years.
▶ Legal Basis: Article 6(1)(4) of the Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce.
➁ Personal information of employees hired through recruitment is retained for three years from the date of resignation.
▶ Legal Basis: Article 42 of the Labor Standards Act.
➀ The Company does not currently outsource personal information processing.
➁ When entering into an outsourcing contract, the Company will ensure compliance with Article 25 of the Personal Information Protection Act by specifying in contracts the prohibition of personal information processing beyond the outsourced purpose, implementation of technical and managerial protection measures, restrictions on re-outsourcing, management and supervision of service providers, liability for damages, and other responsibilities. The Company will also supervise service providers to ensure they handle personal information securely.
➂ If new outsourcing arrangements are made or existing outsourcing details change, the Company will disclose such updates in this Policy without delay.
➀ The Company will immediately destroy personal information once its retention period expires or its processing purpose is fulfilled.
➁ If retention is required by law despite the expiration of the retention period or fulfillment of the processing purpose, the personal information will be transferred to a separate database (DB) or stored in a different location.
➂ The Company identifies personal information subject to destruction and, upon approval from the Data Protection Officer, permanently deletes or physically destroys the information.
④ Electronically stored personal information is permanently deleted to prevent recovery, while paper documents are shredded or incinerated.
The Company has taken the following measures necessary for ensuring the security of personal information, in compliance with Article 29 of the Personal Information Protection Act:
➀ Administrative measures: Establishment/Implementation of internal management plans, regular training of employees, etc.
➁ Technical measures: Management of access to systems processing personal information, installation of access control systems, encryption of identifiable information, and installation of security programs.
➂ Physical measures: Access control to computer rooms and data storage rooms
➀ The Company uses cookies to store and retrieve user information for personalized services.
➁ Cookies are small amounts of information sent by the website’s server to the user’s browser and stored on the user’s PC or mobile device.
➂ Users can allow or block cookies by configuring their browser settings. However, refusing to save cookies may limit the use of personalized services.
➀ Data subjects may exercise the following rights concerning their personal information: access, correction, deletion, suspension of processing, withdrawal of consent, objection to automated decisions, or requesting an explanation.
② Requests for the above can be made via written, email, or fax communication in accordance with Article 41(1) of the Enforcement Decree of the Personal Information Protection Act. The Company will respond without delay.
③ The right to access and suspend processing may be restricted under Articles 35(4) and 37(2) of the Personal Information Protection Act.
④ Requests for deletion cannot be made if personal information is required by law.
⑤ The Company verifies the identity of the requesting individual or their legitimate representative when processing such requests.
⑥ Requests for personal information can be submitted to the department below. The Company will make every effort to process information subjects' requests for access to personal information promptly.
▶ Department for Receiving and Processing Requests for Access to Personal Information
• Department : Development, IT Infrastructure Team
• Contact : +82-2-336-0670 / contact@oncosoft.io
➀ The Company takes overall responsibility for tasks related to personal information processing and has designated the following Personal Information Protection Officer to handle complaints and provide remedies concerning personal information processing.
▶ Privacy Manager
• Name : Gwangsu Lee
• Title : Information Security Manager (IT Infrastructure Team)
• Contact : +82-2-336-0670/ gs.lee@oncosoft.io
② Please contact the Chief Privacy Officer or Privacy Manager for any question, complaint, and remedy related to personal information during the use of The Company’s services. The Company will promptly respond to and process your inquiry.
For reports or inquiries regarding personal information violations, please contact the following organizations:
• Personal Information Infringement Report Center : http://privacy.kisa.or.kr/ (Toll-Free) +82-118
• Prosecutors’ Office : www.spo.go.kr / (Toll-free) +82-1301
• Police Cybercrime Investigation : cyberbureau.police.go.kr /(Toll-free) +82-182
This policy is effective as of February 1,2025. Updates due to legal, policy, or security changes will be announced on the Company’s website.
