NdotLight Co., Ltd. (hereinafter 'NdotLight' or 'Company') strictly complies with domestic Personal Information Protection laws such as Act On Promotion Of Information And Communications Network Utilization And Information Protection (hereinafter 'Information and Communications Network Act') and the Personal Information Protection Act.
The personal information that NdotLight collects from users at the time they sign up for membership is as follows.
- When a user signs up for membership, his/her ‘ID, password, name, date of birth, gender, mobile phone number’ are collected as required fields.
- If the date of birth entered by the user shows that he/she is a minor under 14 years of age, the information (name, date of birth, gender, and duplication information (DI), mobile phone number) on his/her legal representative is additionally collected. Then, his/her email address is collected as optional field.
- If a user signs up for membership with a group ID, the group ID, password, group name, email address and mobile phone number are collected as required fields. The group representative’s name is also collected as an optional field.
The personal information that NdotLight collects from users at the time of receiving customer inquiries is as follows.
- We collect ‘e-mail address’ as a required field to receive bug reports.
- We collect ‘name, affiliation, phone number and e-mail address’ as required fields to receive a partnership proposal.
- We collect ‘name, affiliation, phone number and e-mail address’ as required fields to receive product inquiries.
In the process of using the service, the following information may be automatically generated and collected.
- NdotCAD product information and cookies, device information, OS, IP address
NdotLight processes and retains personal information within the period of retention and usage of personal information in accordance with laws and regulations, or within the period of retention and usage of personal information agreed upon when collecting personal information from users.
The items and period of personal information retained by the company in accordance with relevant laws and regulations are as follows.
- Act on The Consumer Protection In Electronic Commerce, Etc.
· Records on contract or subscription withdrawal: Stored for 5 years
· Records on payment and supply of goods: Stored for 5 years
· Records on consumer complaints or dispute resolution: Stored for 3 years
- Electronic Financial Transactions Act
Records related to electronic finance: Stored for 5 years
- Protection of Communications Secrets Act
Login information 3 months
In principle, NdotLight destroys the information without delay after the purpose of collection and use of personal information is achieved.
The destruction procedure and method are as follows.
- As a user of the website, the personal information of the member is continuously retained by the company while receiving the services provided by the company and is used to provide the company's services to the members.
- When a member requests cancelation of membership or loses membership, unique information that can identify an individual member is immediately deleted, leaving only the minimum information for cancelation-related statistical management among personal information, and is destroyed to an irreversible state.
- However, in the case of a member registered as a product customer, the product number and the minimum personal information that matches the product number are left so that problems do not occur in providing customer support services related to product usage.
- In addition, the company destroys the member's personal information without delay when the purpose of collection or provision of personal information has been achieved.
- If the purpose of collection or provision has been achieved, we may retain your personal information only when it is necessary to preserve it according to the provisions of the Commercial Act, etc., and the personal information is managed only for the purpose of storage.
- Personal information printed on paper is destroyed with a shredder or through incineration.
- Personal information stored in electronic file format is deleted using a technical method that cannot reproduce the record.
Users can exercise the following rights related to personal information protection at any time with respect to NdotCAD.
- Users can go to ‘My Information > Member Information’ to view or update their personal information.
- Users can withdraw their consent to the collection and use of personal information at any time through ‘Membership withdrawal’.
If the user is under the age of 14, the child’s legal representative has the right to view and update the child’s personal information, and to revoke his/her consent to the collection and use of the child’s personal information.
- If a user requests correction of errors in personal information, the personal information will not be used or provided until the correction is completed. In addition, if incorrect personal information has already been provided to a third party, we will notify the third party of the result of the correction without delay so that the correction can be made.
- In handling members' personal information, NdotLight is taking the following technical/administrative measures to ensure safety so that personal information is not lost, stolen, leaked, altered or damaged.
- Password encryption
The password set at the time of membership registration is encrypted, stored and managed, so only the person knows it, and it is possible to check and change personal information only by the person who knows the password.
- Countermeasures against hacking
NdotLight is doing its best to prevent the leakage or damage to applicants' personal information by hacking or computer viruses. Data is frequently backed up in preparation for damage to personal information and the latest vaccine program is used to prevent personal information or data of applicants from being leaked or damaged. Through encrypted communication, etc., personal information can be safely transmitted over the network. In addition, an intrusion prevention system is used to control unauthorized access from the outside and we are trying to equip all possible technical devices to secure other systemic security.
- Minimization and training of personal information processing staff
The company's personal information processing staff is limited to the person in charge, and a separate password for this purpose is assigned and updated regularly. In addition, we provide frequent training for the person in charge, emphasizing the importance of protecting the personal information of job applicants.
- Operation of a dedicated organization for personal information protection
Through the in-house personal information protection organization, etc., we check the compliance of the company's personal information processing policy and the compliance of the person in charge. If any problems are found, we are working hard to correct them immediately. However, the company is not responsible for any problems caused by the leakage of personal information such as passwords and resident registration numbers due to the user's negligence or problems on the Internet.
NdotLight has designated the following persons as the Chief Privacy Officer and Responsible Personnel to remain responsible for responding to user inquiries regarding personal information and resolving any related complaints.
- Chief Privacy Officer
· Name: Park Jin-young
· Affiliation: CEO
· Position: CEO
· Mail: email@example.com
- Responsible Personnel
· Name: Kim Sung-hwan
· Affiliation: Product Development Team
· Position: Leader
· Mail: firstname.lastname@example.org
- If you need to report or consult on other personal information infringement, you can contact the following organizations.
· Cyber Investigation Division, Supreme Prosecutors' Office (www.spo.go.kr / 1301 without area code)
· National Police Agency Cyber Security Bureau (police.go.kr / 182 without area code)
- Announcement Date: September 18, 2020
- Effective date: September 27, 2020