Privacy Policy

SK Square (hereinafter referred to as the “Company”) processes and manages personal information lawfully and securely in compliance with the Personal Information Protection Act and related laws and regulations to safeguard the freedoms and rights of information subjects. Pursuant to Article 30 of the Personal Information Protection Act, we have formulated and disclosed the following privacy policy to inform information subjects about the procedures and standards for processing personal information. This policy also ensures the prompt and efficient resolution of any grievances related to personal information handling. SK Square’s privacy policy is applied equally not only to internal executives/employees but also to external stakeholders.

1. 1.Purpose of Processing Personal Information, Items Collected, and Period of Retention and Use

   We do not collect any personal information on our main website (www.sksquare.com).

2. 2.Provision of Personal Information to Third Parties

   As we do not collect any personal information on this website, we do not provide any personal information to third parties. Below is the general policy of the Company regarding the provision of personal information to third parties:

   • The Company may only provide personal information to third parties in accordance with the circumstances specified in Articles 17 and 18 of the Personal Information Protection Act.

     1. ① Where consent is obtained from the information subject;

     2. ② Where special provisions exist in other laws or it is inevitable to observe legal obligations;

     3. ③ Where it is deemed manifestly necessary for the protection of life, bodily or property interests of the information subject or third party from imminent danger;

     4. ④ Where it is necessary to attain the justifiable interest of a personal information controller, which such interest is manifestly superior to the rights of the information subject. In such cases, processing shall be allowed only to the extent the processing is substantially related to the justifiable interest of the personal information controller and does not go beyond a reasonable scope; or

     5. ⑤ Where it is urgently necessary for the public safety and security, public health, etc.

   • The Company will inform the information subject of the following matters and obtain consent when it provides personal information to a third party.

     1. ① The recipient of personal information;

     2. ② The purpose of the use of the personal information (the purpose for which the recipient of personal information uses such information);

     3. ③ Particulars of personal information to be provided;

     4. ④ The period during which the recipient retains and uses personal information; and

     5. ⑤ The fact that the information subject is entitled to deny consent, and disadvantages, if any, resulting from the denial of consent.

3. 3.Matters Concerning the Entrustment of the Processing of Personal Information

   On this website, we do not entrust the processing of personal information to third parties. However, if the Company decides to entrust a third party with the processing of personal information, we will disclose the details of the entrustment and the entrusted party on the relevant webpage.

4. 4.Personal Information Destruction Procedures and Methods

   The Company will promptly destroy personal information when it becomes unnecessary due to the expiration of the retention period or the fulfillment of the purpose for processing the personal information.

   1. ①Destruction procedures

      The Company identifies personal information that should be destroyed due to the expiration of the retention period or fulfillment of processing purposes. A destruction plan is established and approved by the Privacy Officer. Personal information is destroyed within five days from the expiration of the retention period or fulfillment of processing purposes.

   2. ②Destruction methods

      - If the information is in electronic form, it will be permanently deleted using irreversible means.

      - If the information is in non-electronic form, it will be shredded or incinerated.

   If other laws or regulations require us to retain personal information beyond the agreed retention period or purpose of processing, we will transfer such personal information to a separate database (DB) or store it in a different location.

5. 5.Rights and Obligations of Information Subjects and Their Legal Representatives and Exercise of the Rights

   1. ① The information subject may exercise the rights of access, correction, deletion, suspension of processing, refusal of automated decision-making, and request for explanation against the Company at any time.

      ※ Requests for access to personal information, etc., concerning children under the age of 14 must be made by their legal representative. Information subjects who are minors over the age of 14 may exercise their rights concerning their personal information either by themselves or through their legal representative.

   2. ②According to Article 41(1) of the Enforcement Decree of the Personal Information Protection Act, information subjects may exercise their rights through various means such as writing, email, or fax. To request access to personal information, information subjects should use the form provided in Appendix 8 of the Notification on the Personal Information Processing Methods (No. 2023-12). The Company will promptly take action upon receiving the request.

   3. ③The rights may be exercised through an agent, such as the legal representative of the information subject or a person authorized by him/her. In this case, the information subject should use the power of attorney form provided in Appendix 11 of the Notification on the Personal Information Processing Methods (No. 2023-12).  

   4. ④The rights of the information subject to request access to and suspension of processing of personal information may be restricted under Article 35 (4) and Article 37 (2) of the Personal Information Protection Act.

   5. ⑤Requests for correction or deletion of personal information may not be accepted if such personal information is specified as necessary to be collected under another law.

   6. ⑥The right to refuse automated decision-making may be exercised if the automated decision-making was made in accordance with Article 15 (1), paragraphs 1, 2, or 4 of the Personal Data Protection Act.

   7. ⑦When the Company receives a request from an information subject to exercise his/her rights of access, correction, deletion, suspension of processing, refusal of automated decision-making, or request for explanation regarding personal information, the Company will verify that the person is indeed the information subject him/herself or his/her duly authorized representative.

6. 6.Measures to Ensure the Security of Personal Information

   The Company complies with Article 29 of the Personal Information Protection Act to ensure the security of personal information and takes the following measures:

   • Administrative measures: Establishment and implementation of internal management plans, regular training;
   • Technical measures: Control of access rights to personal information processing systems, installation of access control systems, encryption of unique identification information, installation of security programs, etc.; and
   • Physical measures: Access control to computer rooms, data storage rooms, etc.

   In addition to these statutory measures, the Company also implements the following activities to ensure the security of personal information:

   • Information protection certification (ISO/IEC 27001).

7. 7.Installation and Operation of Automated Tools for the Collection of Personal Information and Refusal to Accept Them.

   The Company does not use tools that automatically collect personal information, such as “cookies” that store and retrieve information about users from time to time.

8. 8.Privacy Officer and the Department in Charge of Receiving and Handling Requests for Access

   The Company has appointed the following person as the Privacy Officer who oversees the overall handling of personal information and is responsible for managing complaints and providing redress to information subjects related to the handling of personal information.

   	Privacy Officer	Privacy Manager
   Depart- ment	Privacy	Privacy
   Name	Kim Byeongyoon	Cho Hyewoo PL
   Contact	-	02-6100- 3114

9. 9.Remedies for Infringement of the Rights and Interests of the Information Subject

   The information subject may seek remedies for infringement of their personal information by filing a case with or contacting the Personal Information Dispute Mediation Committee or the Korea Internet and Security Agency Privacy Call Center. For other reports and consultations regarding personal information infringement, please contact the following organizations:

   • Personal Information Dispute Mediation Committee: (Without area code) 1833-6972 (www.kopico.go.kr)
   • Privacy Call Center: (Without area code) 118 (privacy.kisa.or.kr)
   • Supreme Prosecutors’ Office: (Without area code) 1301 (www.spo.go.kr)
   • Police Agency: (Without area code) 182 (ecrm.cyber.go.kr/minwon/main)

10. 10.Changes to the Privacy Policy

    This Privacy Policy takes effect from 25 April, 2024.